

Do not require old password verification when current user is a sysad…
…min. Add an is_sysadmin template value for user_edit_form.html
TkTech committed Aug 1, 2017
1 parent f18d709 commit f3a8ead
Showing 2 changed files with 25 additions and 8 deletions.
31 changes: 23 additions & 8 deletions ckan/controllers/user.py
@@ -1,3 +1,4 @@
# =*- coding: utf-8 -*-
import logging

from pylons import config
Expand Down Expand Up @@ -33,6 +34,10 @@
unflatten = dictization_functions.unflatten


def require_sudo_mode():
pass


def set_repoze_user(user_id):
'''Set the repoze.who cookie to match a given user_id'''
if 'repoze.who.plugins' in request.environ:
Expand Down Expand Up @@ -277,6 +282,8 @@ def edit(self, id=None, data=None, errors=None, error_summary=None):
except NotAuthorized:
abort(401, _('Unauthorized to edit a user.'))

require_sudo_mode()

if (context['save']) and not data:
return self._save_edit(id, context)

Expand Down Expand Up @@ -305,12 +312,18 @@ def edit(self, id=None, data=None, errors=None, error_summary=None):
(str(c.user), id))

errors = errors or {}
vars = {'data': data, 'errors': errors, 'error_summary': error_summary}
vars = {
'data': data,
'errors': errors,
'error_summary': error_summary,
'is_sysadmin': authz.is_sysadmin(c.user)
}

self._setup_template_variables({'model': model,
'session': model.Session,
'user': c.user or c.author},
data_dict)
self._setup_template_variables({
'model': model,
'session': model.Session,
'user': c.user or c.author
}, data_dict)

c.is_myself = True
c.show_email_notifications = h.asbool(
Expand All @@ -332,9 +345,11 @@ def _save_edit(self, id, context):
context['message'] = data_dict.get('log_message', '')
data_dict['id'] = id

if data_dict['password1'] and data_dict['password2']:
identity = {'login': c.user,
'password': data_dict['old_password']}
if not c.userobj.sysadmin:
identity = {
'login': c.user,
'password': data_dict['old_password']
}
auth = authenticator.UsernamePasswordAuthenticator()

if auth.authenticate(request.environ, identity) != c.user:
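Review bot: `require_sudo_mode()` is introduced as a bare `pass` stub in the second hunk and then called unconditionally from `edit` in the third, so the call reads like a re-authentication gate while enforcing nothing; either drop the call until the function does something, or mark the stub so nobody mistakes it for a check: `# TODO: placeholder - no sudo/re-auth check is performed yet`. In the last hunk the sysadmin branch skips old-password verification entirely, which means a sysadmin's live session alone is enough to set a new password; that is a deliberate policy choice, but it deserves a why-comment at `if not c.userobj.sysadmin:` so the relaxation is not later read as an oversight. The rendered line counts also suggest the former `if data_dict['password1'] and data_dict['password2']:` guard was removed rather than kept around the new branch, which would make non-sysadmins supply their old password on every profile edit even when no new password is entered; please confirm against the full `_save_edit`, whose body continues outside the hunk. Minor: the new encoding line in the first hunk reads `# =*- coding: utf-8 -*-`, where the conventional form is `# -*- coding: utf-8 -*-`.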
2 changes: 2 additions & 0 deletions ckan/templates/user/edit_user_form.html
Expand Up @@ -24,7 +24,9 @@

<fieldset>
<legend>{{ _('Change password') }}</legend>
{% if not is_sysadmin %}
{{ form.input('old_password', type='password', label=_('Old Password'), id='field-password', value=data.oldpassword, error=errors.oldpassword, classes=['control-medium'], attrs={'autocomplete': 'off'} ) }}
{% endif %}

{{ form.input('password1', type='password', label=_('Password'), id='field-password', value=data.password1, error=errors.password1, classes=['control-medium'], attrs={'autocomplete': 'off'} ) }}

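Review bot: `is_sysadmin` is only supplied by the `edit` view's template variables in the other changed file, so any other render of this form would fall back to Jinja's falsy undefined value and show the old-password field again; that fails safe, since the controller still decides whether the old password is verified, but a short comment next to `{% if not is_sysadmin %}` noting that the server-side check is authoritative would keep the two in step. Also visible on the new side: the `old_password` input and the `password1` input both carry `id='field-password'`, so their labels resolve to the same element; giving the old-password control its own id, for example `id='field-old-password'`, would fix that. The rest of the fieldset, including any `password2` input, lies outside the hunk.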

