security fix: CP-22: Websites – Modify Website

usmannasir · usmannasir · commit 9a47edc9ec4a · 2021-08-20T15:40:23.000+05:00
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
@@ -766,6 +766,12 @@ def saveWebsiteChanges(self, userID=None, data=None):
             else:
                 return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
 
+            newOwner = Administrator.objects.get(userName=newUser)
+            if ACLManager.checkUserOwnerShip(currentACL, admin, newOwner) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
+
             confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
             completePathToConfigFile = confPath + "/vhost.conf"
 
