Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

don't allow admins to change their own permissions

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2024-11-09 20:24:35 +01:00
parent 30fb1d6240
commit ef98ee7d11
7 changed files with 24 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/httpd/httpd_test.go
View File

@@ -11843,7 +11843,7 @@ func TestUpdateAdminMock(t *testing.T) {
setBearerForReq(req, token)
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "you cannot remove these permissions to yourself")
assert.Contains(t, rr.Body.String(), "you cannot change your permissions")
admin.Permissions = []string{dataprovider.PermAdminAny}
admin.Role = "missing role"
asJSON, err = json.Marshal(admin)
@@ -11858,7 +11858,7 @@ func TestUpdateAdminMock(t *testing.T) {
altToken, err := getJWTAPITokenFromTestServer(altAdminUsername, defaultTokenAuthPass)
assert.NoError(t, err)
admin.Password = "" // it must remain unchanged
admin.Permissions = []string{dataprovider.PermAdminManageAdmins, dataprovider.PermAdminCloseConnections}
admin.Permissions = []string{dataprovider.PermAdminManageAdmins}
asJSON, err = json.Marshal(admin)
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodPut, path.Join(adminPath, altAdminUsername), bytes.NewBuffer(asJSON))