From: adurti Date: Thu, 6 Mar 2025 14:12:36 +0000 (+0000) Subject: Bug 2403 Fixed: Able to change username of other users with no admin privileges X-Git-Tag: v14.0.3^0 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=a2c31fb7a173734c3292cc191242120325b5defa;p=osm%2FNBI.git Bug 2403 Fixed: Able to change username of other users with no admin privileges Change-Id: If5648c82e8bf2cd746877e560c14851a585f4385 Signed-off-by: adurti Signed-off-by: garciadeblas --- diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index ca886dc..7c6ad9c 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -1096,6 +1096,16 @@ class UserTopicAuth(UserTopic): http_code=HTTPStatus.BAD_REQUEST, ) + # username change + if indata.get("username"): + if not session.get("admin_show"): + if not indata.get("system_admin_id"): + if _id != session["user_id"]: + raise EngineException( + "You are not allowed to change other users username", + http_code=HTTPStatus.BAD_REQUEST, + ) + # user = self.show(session, _id) # Already in 'content' original_mapping = content["project_role_mappings"]