diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 46bddeb8859ce9129602876104ef5dafd106b733..8ca0b2d21970a31377789a96b19cba2697a37203 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -1104,6 +1104,21 @@ class UserTopicAuth(UserTopic): http_code=HTTPStatus.UNPROCESSABLE_ENTITY, ) + # password change + if indata.get("password"): + if not session.get("admin_show"): + if not indata.get("system_admin_id"): + if _id != session["user_id"]: + raise EngineException( + "You are not allowed to change other users password", + http_code=HTTPStatus.BAD_REQUEST, + ) + if not indata.get("old_password"): + raise EngineException( + "Password change requires old password or admin ID", + http_code=HTTPStatus.BAD_REQUEST, + ) + # user = self.show(session, _id) # Already in 'content' original_mapping = content["project_role_mappings"] diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index 1bb79275f7a76816a8dbc951aa24f0772011faae..1b03ea5911ac5ca8033a56c4d7ff2700a71ae0b5 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -1512,6 +1512,7 @@ class Server(object): "username": token_info["username"], "user_id": token_info["user_id"], "admin": token_info["admin"], + "admin_show": token_info["admin_show"], "public": None, "allow_show_user_project_role": token_info["allow_show_user_project_role"], } diff --git a/osm_nbi/tests/test_admin_topics.py b/osm_nbi/tests/test_admin_topics.py index a4c49181ea7b5ded95e0e770961fd90e94bcfd45..2ecdbf72379c37d641fcd330cf24c2bb086f7414 100755 --- a/osm_nbi/tests/test_admin_topics.py +++ b/osm_nbi/tests/test_admin_topics.py @@ -927,6 +927,7 @@ class Test_UserTopicAuth(TestCase): pid1 = str(uuid4()) rid1 = str(uuid4()) self.fake_session["user_id"] = uid + self.fake_session["admin_show"] = True prms = [ { "project": pid1,