mirrors/calibre-web
1
0
Fork 0
mirror of https://github.com/janeczku/calibre-web synced 2025-10-31 07:13:02 +00:00
Code Issues Releases Wiki Activity

Implement Backend to deny editing Guest rights restriction #1938

Browse Source
This commit is contained in:
Ozzie Isaacs
2021-04-07 18:56:17 +02:00
parent 067fb1b0b7
commit 7561eabe52
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cps/admin.py
View File

@@ -335,6 +335,9 @@ def edit_list_user(param):
elif param == 'kindle_mail': elif param == 'kindle_mail':
user.kindle_mail = valid_email(vals['value']) if vals['value'] else "" user.kindle_mail = valid_email(vals['value']) if vals['value'] else ""
elif param == 'role': elif param == 'role':
if user.name == "Guest" and int(vals['field_index']) in \
[constants.ROLE_ADMIN, constants.ROLE_PASSWD, constants.ROLE_EDIT_SHELFS]:
raise Exception(_("Guest can't have this role"))
if vals['value'] == 'true': if vals['value'] == 'true':
user.role |= int(vals['field_index']) user.role |= int(vals['field_index'])
else: else:
@@ -345,6 +348,8 @@ def edit_list_user(param):
return _(u"No admin user remaining, can't remove admin role", nick=user.name), 400 return _(u"No admin user remaining, can't remove admin role", nick=user.name), 400
user.role &= ~int(vals['field_index']) user.role &= ~int(vals['field_index'])
elif param == 'sidebar_view': elif param == 'sidebar_view':
if user.name == "Guest" and int(vals['field_index']) == constants.SIDEBAR_READ_AND_UNREAD:
raise Exception(_("Guest can't have this view"))
if vals['value'] == 'true': if vals['value'] == 'true':
user.sidebar_view |= int(vals['field_index']) user.sidebar_view |= int(vals['field_index'])
else: else:
@@ -358,6 +363,8 @@ def edit_list_user(param):
elif param == 'denied_column_value': elif param == 'denied_column_value':
user.denied_column_value = vals['value'] user.denied_column_value = vals['value']
elif param == 'locale': elif param == 'locale':
if user.name == "Guest":
raise Exception(_("Guest's Locale is determined automatically and can't be set"))
user.locale = vals['value'] user.locale = vals['value']
elif param == 'default_language': elif param == 'default_language':
user.default_language = vals['value'] user.default_language = vals['value']

1
cps/static/js/table.js
View File

@@ -459,6 +459,7 @@ $(function() {
$("input[data-name='admin_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); $("input[data-name='admin_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='passwd_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); $("input[data-name='passwd_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='edit_shelf_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); $("input[data-name='edit_shelf_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='sidebar_read_and_unread'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
// ToDo: Disable delete // ToDo: Disable delete
}, },