Bug 2403 Fixed: Able to change username of other users with no admin privileges

Change-Id: If5648c82e8bf2cd746877e560c14851a585f4385 Signed-off-by: adurti <adurti.v@tataelxsi.co.in> Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>

Bug 2403 Fixed: Able to change username of other users with no admin privileges
Change-Id: If5648c82e8bf2cd746877e560c14851a585f4385 Signed-off-by: adurti <adurti.v@tataelxsi.co.in> Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
a2c31fb7 · Bharath Vamsi Adurti · garciadeblas · 9103e544 · a2c31fb7
Commit a2c31fb7 authored 1 month ago by Bharath Vamsi Adurti Committed by garciadeblas 1 month ago
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1096,6 +1096,16 @@ class UserTopicAuth(UserTopic):
                                http_code=HTTPStatus.BAD_REQUEST,
                            )

+            # username change
+            if indata.get("username"):
+                if not session.get("admin_show"):
+                    if not indata.get("system_admin_id"):
+                        if _id != session["user_id"]:
+                            raise EngineException(
+                                "You are not allowed to change other users username",
+                                http_code=HTTPStatus.BAD_REQUEST,
+                            )
+
            # user = self.show(session, _id)   # Already in 'content'
            original_mapping = content["project_role_mappings"]