security check for user creation

usmannasir · usmannasir · commit 27562930461a · 2020-01-21T19:53:58.000+05:00
diff --git a/userManagment/views.py b/userManagment/views.py
@@ -91,7 +91,6 @@ def apiAccess(request):
         logging.CyberCPLogFileWriter.writeToFile(str(msg))
         return redirect(loadLoginPage)
 
-
 def saveChangesAPIAccess(request):
     try:
         userID = request.session['userID']
@@ -123,7 +122,6 @@ def saveChangesAPIAccess(request):
         json_data = json.dumps(finalResponse)
         return HttpResponse(json_data)
 
-
 def submitUserCreation(request):
     try:
 
@@ -200,6 +198,13 @@ def submitUserCreation(request):
                 newAdmin.save()
             elif currentACL['createNewUser'] == 1:
 
+                if selectedACL != 'user':
+                    data_ret = {'status': 0, 'createStatus': 0,
+                                'error_message': "You are not authorized to access this resource."}
+
+                    final_json = json.dumps(data_ret)
+                    return HttpResponse(final_json)
+
                 newAdmin = Administrator(firstName=firstName,
                                          lastName=lastName,
                                          email=email,
