
v6.3.7.0

Changelog: https://roxy-wi.org/changelog#6_3_7
pull/355/head
Aidaho 2 years ago
parent
commit
8012c88727
  1. 14
      app/modules/db/sql.py
  2. 16
      app/modules/roxywi/user.py

14
app/modules/db/sql.py

@ -92,8 +92,18 @@ def add_user(user, email, password, role, activeuser, group):
def update_user(user, email, role, user_id, activeuser): def update_user(user, email, role, user_id, activeuser):
user_update = User.update(username=user, email=email, role=role, activeuser=activeuser).where( user_update = User.update(username=user, email=email, role=role, activeuser=activeuser).where(User.user_id == user_id)
User.user_id == user_id) try:
user_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_user_from_admin_area(user, email, user_id, activeuser):
user_update = User.update(username=user, email=email, activeuser=activeuser).where(User.user_id == user_id)
try: try:
user_update.execute() user_update.execute()
except Exception as e: except Exception as e:
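Review bot: `update_user_from_admin_area` has no docstring, and its name suggests an admin-only path although the query is scoped only by `User.user_id == user_id`; nothing in the visible lines checks who is asking. A short docstring would make the contract explicit, for example `"""Update username, email and active flag of user_id; the role is left unchanged and the caller must already have authorised the edit."""`. `update_user` now reports failure with `return False` after `out_error(e)`, but it catches bare `Exception`; narrowing that to the ORM's database error type would keep programming errors from being reported as a failed update. The body of `update_user_from_admin_area` continues past the end of the hunk, so whether it returns the same True/False is not visible here.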

16
app/modules/roxywi/user.py

@ -60,19 +60,23 @@ def delete_user():
def update_user(): def update_user():
email = form.getvalue('email') email = form.getvalue('email')
role_id = int(form.getvalue('role'))
new_user = form.getvalue('updateuser') new_user = form.getvalue('updateuser')
user_id = form.getvalue('id') user_id = form.getvalue('id')
activeuser = form.getvalue('activeuser') activeuser = form.getvalue('activeuser')
group_id = int(form.getvalue('usergroup')) group_id = int(form.getvalue('usergroup'))
if roxywi_common.check_user_group(): if roxywi_common.check_user_group():
if roxywi_auth.is_admin(level=role_id): if form.getvalue('role'):
sql.update_user(new_user, email, role_id, user_id, activeuser) role_id = int(form.getvalue('role'))
sql.update_user_role(user_id, group_id, role_id) if roxywi_auth.is_admin(level=role_id):
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1) sql.update_user(new_user, email, role_id, user_id, activeuser)
sql.update_user_role(user_id, group_id, role_id)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
else:
roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
else: else:
roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) sql.update_user_from_admin_area(new_user, email, user_id, activeuser)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
def update_user_password(): def update_user_password():
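Review bot: The new `else:` branch that calls `sql.update_user_from_admin_area(new_user, email, user_id, activeuser)` is reached whenever the request omits `role`, and on that path only `roxywi_common.check_user_group()` is consulted before another account's username, e-mail and active flag are changed; `roxywi_auth.is_admin` is never called. Whether the privilege check runs is therefore decided by a client-supplied field. Unless `check_user_group()` already ties `user_id` to the caller (not visible here), the branch should read the target's stored role server-side and guard the update with something like `roxywi_auth.is_admin(level=<target user's stored role>)`, logging and returning on failure as the `role` branch does. Both success messages are also written without checking the result of the update, even though `sql.update_user` now returns False on failure. The escalation entry records `new_user`, the submitted username, rather than the authenticated caller, which weakens the audit trail.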
