Do not allow to set active flag for the operating user

Johannes Zellner
2020-03-05 21:00:59 -08:00
parent 1766bc6ee3
commit de23d1aa03


@@ -75,7 +75,10 @@ function update(req, res, next) {
if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but user has only '${req.user.role}'`));
}
if ('active' in req.body && typeof req.body.active !== 'boolean') return next(new HttpError(400, 'active must be a boolean'));
if ('active' in req.body) {
if (typeof req.body.active !== 'boolean') return next(new HttpError(400, 'active must be a boolean'));
if (req.user.id === req.resource.id) return next(new HttpError(409, 'Cannot set active flag on self'));
}
users.update(req.resource, req.body, auditSource.fromRequest(req), function (error) {
if (error) return next(BoxError.toHttpError(error));
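Review bot: The new `'active' in req.body` block only rejects the self case, and nothing visible in this hunk checks that the operating user's role is at least the target user's role before the flag is changed. The role check just above compares `req.user.role` with `req.body.role`, the role being assigned, not the role the target already holds, so a lower-role administrator may be able to deactivate a higher-role account unless route middleware or `users.update` enforces it elsewhere. If it is not enforced, add a guard in this block such as `if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, 'insufficient role to change active flag'));`, assuming `req.resource` carries the target's role. Separately, `req.user.id === req.resource.id` is a strict comparison, so confirm both ids are always the same type, or the self-check is silently bypassed. The body of `update` starts and continues outside this hunk.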