Bug 2403 Fixed: Able to change username of other users with no admin privileges
Change-Id: If5648c82e8bf2cd746877e560c14851a585f4385
Signed-off-by: adurti <adurti.v@tataelxsi.co.in>
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py
index 768820f..b5246cb 100644
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1085,6 +1085,16 @@
http_code=HTTPStatus.BAD_REQUEST,
)
+ # username change
+ if indata.get("username"):
+ if not session.get("admin_show"):
+ if not indata.get("system_admin_id"):
+ if _id != session["user_id"]:
+ raise EngineException(
+ "You are not allowed to change other users username",
+ http_code=HTTPStatus.BAD_REQUEST,
+ )
+
# user = self.show(session, _id) # Already in 'content'
original_mapping = content["project_role_mappings"]
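Review bot: The added username check is skipped whenever the payload carries a truthy `system_admin_id` (`if not indata.get("system_admin_id"):`). If `indata` is the caller-supplied request body and that id is not verified against a real system-admin account elsewhere, the restriction rests on a value the caller controls. I would drop that branch or validate the id server-side before trusting it, and add a test in which a non-admin session sends the key while renaming another user. The denial is also returned as `HTTPStatus.BAD_REQUEST`; an authorization failure is more naturally `http_code=HTTPStatus.FORBIDDEN,`, which keeps it distinguishable from malformed input in clients and audit logs. The enclosing method starts and ends outside the hunk, so how `session` and `indata` are populated cannot be confirmed from here.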