security fix: CP-22: Websites – Modify Website

usmannasir · Aug 20, 2021 · 9a47edc · 9a47edc
1 parent bf42a54
commit 9a47edc
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
@@ -766,6 +766,12 @@ def saveWebsiteChanges(self, userID=None, data=None):
             else:
                 return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
 
+            newOwner = Administrator.objects.get(userName=newUser)
+            if ACLManager.checkUserOwnerShip(currentACL, admin, newOwner) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
+
             confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
             completePathToConfigFile = confPath + "/vhost.conf"