limit user to only create domains for the accounts he belongs to (#970)

2021-08-05 19:42:58 +02:00 · 2021-08-05 19:42:58 +02:00 · 993e02b635
parent 07c71fb0bf
commit 993e02b635
1 changed files with 19 additions and 1 deletions
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@ -149,6 +149,18 @@ def add():
                    'errors/400.html',
                    msg="Please enter a valid domain name"), 400

+            # If User creates the domain, check some additional stuff
+            if current_user.role.name not in ['Administrator', 'Operator']:
+                # Get all the account_ids of the user
+                user_accounts_ids = current_user.get_accounts()
+                user_accounts_ids = [x.id for x in user_accounts_ids]
+                # User may not create domains without Account
+                if int(account_id) == 0 or int(account_id) not in user_accounts_ids:
+                    return render_template(
+                        'errors/400.html',
+                        msg="Please use a valid Account"), 400
+
+
            #TODO: Validate ip addresses input

            # Encode domain name into punycode (IDN)
@ -250,13 +262,19 @@ def add():
            current_app.logger.debug(traceback.format_exc())
            abort(500)

+    # Get
    else:
-        accounts = Account.query.order_by(Account.name).all()
+        # Admins and Operators can set to any account
+        if current_user.role.name in ['Administrator', 'Operator']:
+            accounts = Account.query.order_by(Account.name).all()
+        else:
+            accounts = current_user.get_accounts()
        return render_template('domain_add.html',
                               templates=templates,
                               accounts=accounts)


+
@domain_bp.route('/setting/<path:domain_name>/delete', methods=['POST'])
@login_required
@operator_role_required