This is an automated email from the ASF dual-hosted git repository.
ocket8888 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 403968919a return correct error when user updates their role (#7415)
403968919a is described below
commit 403968919adf12c53bb5a749c1fd5e3834b99716
Author: Kunal Kundu <[email protected]>
AuthorDate: Wed Mar 22 02:12:27 2023 +0530
return correct error when user updates their role (#7415)
---
traffic_ops/traffic_ops_golang/user/current.go | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/traffic_ops/traffic_ops_golang/user/current.go
b/traffic_ops/traffic_ops_golang/user/current.go
index 6caecb10ca..7943e66acc 100644
--- a/traffic_ops/traffic_ops_golang/user/current.go
+++ b/traffic_ops/traffic_ops_golang/user/current.go
@@ -567,6 +567,19 @@ func ReplaceCurrentV4(w http.ResponseWriter, r
*http.Request) {
return
}
+ roleID, ok, err := dbhelpers.GetRoleIDFromName(tx, user.Role)
+ if err != nil {
+ api.HandleErr(w, r, tx, http.StatusInternalServerError, nil,
err)
+ return
+ } else if !ok {
+ api.HandleErr(w, r, tx, http.StatusNotFound, errors.New("no
such role"), nil)
+ return
+ }
+ if inf.User.Role != roleID {
+ api.HandleErr(w, r, tx, http.StatusBadRequest,
fmt.Errorf("users cannot update their own role"), nil)
+ return
+ }
+
changePasswd := false
// obfuscate password
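Review bot: The self-role-change rejection at `if inf.User.Role != roleID` is an authorization decision, but it is reported as `http.StatusBadRequest` with a nil final argument, so the denial reads like a malformed request. If that last `api.HandleErr` parameter is the system error that gets logged (as the 500 branch above suggests), the attempt also leaves no server-side record. Consider `http.StatusForbidden` and passing a system error that names the caller, so attempted role changes are visible to whoever reviews the logs. The message has no format verbs, so `errors.New("users cannot update their own role")` would match the `errors.New("no such role")` call just above. `ReplaceCurrentV4` starts before and continues after this hunk, so whether a later check also guards the role field cannot be seen from here.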