v6.3.7.0

Changelog: https://roxy-wi.org/changelog#6_3_7
2 years ago · 8012c88727
2 changed files with 22 additions and 8 deletions
--- a/app/modules/db/sql.py
+++ b/app/modules/db/sql.py
@ -92,8 +92,18 @@ def add_user(user, email, password, role, activeuser, group):


 def update_user(user, email, role, user_id, activeuser):
-	user_update = User.update(username=user, email=email, role=role, activeuser=activeuser).where(
-		User.user_id == user_id)
+	user_update = User.update(username=user, email=email, role=role, activeuser=activeuser).where(User.user_id == user_id)
+	try:
+		user_update.execute()
+	except Exception as e:
+		out_error(e)
+		return False
+	else:
+		return True
+
+
+def update_user_from_admin_area(user, email, user_id, activeuser):
+	user_update = User.update(username=user, email=email, activeuser=activeuser).where(User.user_id == user_id)
 	try:
 		user_update.execute()
 	except Exception as e:
--- a/app/modules/roxywi/user.py
+++ b/app/modules/roxywi/user.py
@ -60,19 +60,23 @@ def delete_user():

 def update_user():
    email = form.getvalue('email')
-    role_id = int(form.getvalue('role'))
    new_user = form.getvalue('updateuser')
    user_id = form.getvalue('id')
    activeuser = form.getvalue('activeuser')
    group_id = int(form.getvalue('usergroup'))

    if roxywi_common.check_user_group():
-        if roxywi_auth.is_admin(level=role_id):
-            sql.update_user(new_user, email, role_id, user_id, activeuser)
-            sql.update_user_role(user_id, group_id, role_id)
-            roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
+        if form.getvalue('role'):
+            role_id = int(form.getvalue('role'))
+            if roxywi_auth.is_admin(level=role_id):
+                sql.update_user(new_user, email, role_id, user_id, activeuser)
+                sql.update_user_role(user_id, group_id, role_id)
+                roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
+            else:
+                roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
        else:
-            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
+            sql.update_user_from_admin_area(new_user, email, user_id, activeuser)
+            roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)


 def update_user_password():