Archives
/
calibre-web
mirror of https://github.com/janeczku/calibre-web
2
0
Fork 0
Code Issues Releases Wiki Activity

Implement Backend to deny editing Guest rights restriction #1938

Browse Source
pull/1946/head
Ozzie Isaacs 3 years ago
parent 067fb1b0b7
commit 7561eabe52
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File

7
cps/admin.py
Unescape Escape View File

@ -335,6 +335,9 @@ def edit_list_user(param):
elif param == 'kindle_mail':
user.kindle_mail = valid_email(vals['value']) if vals['value'] else ""
elif param == 'role':
if user.name == "Guest" and int(vals['field_index']) in \
[constants.ROLE_ADMIN, constants.ROLE_PASSWD, constants.ROLE_EDIT_SHELFS]:
raise Exception(_("Guest can't have this role"))
if vals['value'] == 'true':
user.role |= int(vals['field_index'])
else:
@ -345,6 +348,8 @@ def edit_list_user(param):
return _(u"No admin user remaining, can't remove admin role", nick=user.name), 400
user.role &= ~int(vals['field_index'])
elif param == 'sidebar_view':
if user.name == "Guest" and int(vals['field_index']) == constants.SIDEBAR_READ_AND_UNREAD:
raise Exception(_("Guest can't have this view"))
if vals['value'] == 'true':
user.sidebar_view |= int(vals['field_index'])
else:
@ -358,6 +363,8 @@ def edit_list_user(param):
elif param == 'denied_column_value':
user.denied_column_value = vals['value']
elif param == 'locale':
if user.name == "Guest":
raise Exception(_("Guest's Locale is determined automatically and can't be set"))
user.locale = vals['value']
elif param == 'default_language':
user.default_language = vals['value']

1
cps/static/js/table.js
Unescape Escape View File

@ -459,6 +459,7 @@ $(function() {
$("input[data-name='admin_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='passwd_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='edit_shelf_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
$("input[data-name='sidebar_read_and_unread'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
// ToDo: Disable delete
},

Write Preview
Loading…
Cancel
Save