security fix: CP-12: CP-12: Admin Packages Modify Package

usmannasir · Aug 7, 2021 · 3aa9deb · 3aa9deb
1 parent 276ebdc
commit 3aa9deb
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/packages/packagesManager.py b/packages/packagesManager.py
@@ -148,6 +148,11 @@ def submitModify(self):
 
             modifyPack = Package.objects.get(packageName=packageName)
 
+            ## Check package ownership
+            admin = Administrator.objects.get(pk=userID)
+            if ACLManager.CheckPackageOwnership(modifyPack, admin, currentACL) == 0:
+                return ACLManager.loadErrorJson('deleteStatus', 0)
+
             diskSpace = modifyPack.diskSpace
             bandwidth = modifyPack.bandwidth
             ftpAccounts = modifyPack.ftpAccounts