deblan/PowerDNS-Admin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix the user role checking in History routes

Browse source
This commit is contained in:
Khanh Ngo 2018-09-04 17:58:13 +07:00
parent c8d72f5bba
commit 67dd626c65
No known key found for this signature in database
GPG key ID: B9AE3BAF6D5A7B22
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/templates/admin_history.html
View file

@ -23,7 +23,7 @@
<h3 class="box-title">History Management</h3>
</div>
<div class="box-body clearfix">
<button type="button" class="btn btn-flat btn-danger pull-right" data-toggle="modal" data-target="#modal_clear_history" {% if current_user.role != 'Administrator' %}disabled{% endif %}>
<button type="button" class="btn btn-flat btn-danger pull-right" data-toggle="modal" data-target="#modal_clear_history" {% if current_user.role.name != 'Administrator' %}disabled{% endif %}>
Clear History&nbsp;<i class="fa fa-trash"></i>
</button>
</div>

2
app/views.py
View file

@ -1324,7 +1324,7 @@ def admin_manageaccount():
@operator_role_required
def admin_history():
if request.method == 'POST':
if current_user.role != 'Administrator':
if current_user.role.name != 'Administrator':
return make_response(jsonify( { 'status': 'error', 'msg': 'You do not have permission to remove history.' } ), 401)
h = History()