From 3e95b0f4487c2f540cf35d640202013432dbd58b Mon Sep 17 00:00:00 2001
From: adurti <adurti.v@tataelxsi.co.in>
Date: Thu, 6 Mar 2025 14:12:36 +0000
Subject: [PATCH] Bug 2403 Fixed: Able to change username of other users with
 no admin privileges

Change-Id: If5648c82e8bf2cd746877e560c14851a585f4385
Signed-off-by: adurti <adurti.v@tataelxsi.co.in>
---
 osm_nbi/admin_topics.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py
index e560887..e496806 100644
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1131,6 +1131,16 @@ class UserTopicAuth(UserTopic):
                                 http_code=HTTPStatus.BAD_REQUEST,
                             )
 
+            # username change
+            if indata.get("username"):
+                if not session.get("admin_show"):
+                    if not indata.get("system_admin_id"):
+                        if _id != session["user_id"]:
+                            raise EngineException(
+                                "You are not allowed to change other users username",
+                                http_code=HTTPStatus.BAD_REQUEST,
+                            )
+
             # user = self.show(session, _id)   # Already in 'content'
             original_mapping = content["project_role_mappings"]
 
-- 
2.25.1