Bug 2403 Fixed: Able to change username of other users with no admin privileges

author adurti <adurti.v@tataelxsi.co.in>

Thu, 6 Mar 2025 14:12:36 +0000 (14:12 +0000)

committer garciadeblas <gerardo.garciadeblas@telefonica.com>

Tue, 11 Mar 2025 22:14:36 +0000 (23:14 +0100)
author adurti <adurti.v@tataelxsi.co.in>
Thu, 6 Mar 2025 14:12:36 +0000 (14:12 +0000)
committer garciadeblas <gerardo.garciadeblas@telefonica.com>
Tue, 11 Mar 2025 22:14:36 +0000 (23:14 +0100)
diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py

index 768820f..b5246cb 100644 (file)
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1085,6 +1085,16 @@ class UserTopicAuth(UserTopic):
                                  http_code=HTTPStatus.BAD_REQUEST,
                              )
  
+            # username change
+            if indata.get("username"):
+                if not session.get("admin_show"):
+                    if not indata.get("system_admin_id"):
+                        if _id != session["user_id"]:
+                            raise EngineException(
+                                "You are not allowed to change other users username",
+                                http_code=HTTPStatus.BAD_REQUEST,
+                            )
+
              # user = self.show(session, _id)   # Already in 'content'
              original_mapping = content["project_role_mappings"]
author	adurti <adurti.v@tataelxsi.co.in>
	Thu, 6 Mar 2025 14:12:36 +0000 (14:12 +0000)
committer	garciadeblas <gerardo.garciadeblas@telefonica.com>
	Tue, 11 Mar 2025 22:14:36 +0000 (23:14 +0100)