add owner protection for reseller center

usmannasir · usmannasir · commit 266cfc889b71 · 2020-02-18T11:32:21.000+05:00
diff --git a/userManagment/views.py b/userManagment/views.py
@@ -908,9 +908,16 @@ def saveResellerChanges(request):
         else:
             return ACLManager.loadErrorJson()
 
+        loggedUser = Administrator.objects.get(pk=val)
+
         userToBeModified = Administrator.objects.get(userName=data['userToBeModified'])
         newOwner = Administrator.objects.get(userName=data['newOwner'])
 
+        ### Check user owners
+
+        if ACLManager.checkUserOwnerShip(currentACL, loggedUser, userToBeModified) == 0 or ACLManager.checkUserOwnerShip(currentACL, loggedUser, newOwner) == 0:
+            return ACLManager.loadErrorJson()
+
         try:
             if ACLManager.websitesLimitCheck(newOwner, data['websitesLimit'], userToBeModified) == 0:
                 finalResponse = {'status': 0,
diff --git a/websiteFunctions/static/websiteFunctions/websiteFunctions.css b/websiteFunctions/static/websiteFunctions/websiteFunctions.css
@@ -236,4 +236,4 @@ a:hover {
 
 .btn-min-width {
     min-width: 300px;
-}
+}
