Skip to content

Commit

Permalink
Forbid deletion of current user for admins
Browse files Browse the repository at this point in the history
  • Loading branch information
ekhomyakova committed Sep 3, 2018
1 parent 9ebff75 commit 0db8a88
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
7 changes: 7 additions & 0 deletions kqueen/blueprints/api/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -546,6 +546,13 @@ def get_policy_key(self):
policy_key = super().get_policy_key()
return '{}_{}'.format(policy_key, self.obj.role)

def dispatch_request(self, *args, **kwargs):
self.check_authentication()
if str(kwargs['pk']) == current_identity.id:
abort(400, "You can not delete yourself")

return super().dispatch_request(*args, **kwargs)


api.add_url_rule('/users', view_func=ListUsers.as_view('user_list'))
api.add_url_rule('/users', view_func=CreateUser.as_view('user_create'))
Expand Down
1 change: 0 additions & 1 deletion setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@
'google-auth-httplib2==0.0.3',
'azure-common==1.1.9',
'azure-mgmt-containerservice==3.0.0',
'msrestazure==0.4.25',
'urllib3==1.22'
],
setup_requires=[
Expand Down

0 comments on commit 0db8a88

Please sign in to comment.