Posted to commits@kibble.apache.org by hu...@apache.org on 2017/10/20 13:35:30 UTC

[kibble] 06/12: only admins should have access to this page

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git

commit 05305459da3e1d8cee5f1725d757b5115e8725d8
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Fri Oct 20 15:12:26 2017 +0200

    only admins should have access to this page
---
 api/pages/org/members.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/pages/org/members.py b/api/pages/org/members.py
index e2d09d8..2d82d27 100644
--- a/api/pages/org/members.py
+++ b/api/pages/org/members.py
@@ -225,6 +225,10 @@ def run(API, environ, indata, session):
         if not session.DB.ES.exists(index=session.DB.dbname, doc_type='organisation', id = orgid):
             raise API.exception(403, "No such organisation!")
         
+        # Only admins should be able to view this!
+        if not canInvite(session):
+            raise API.exception(403, "Only organisation owners can view this list.")
+        
         # Find everyone affiliated with this org
         query = {
                     'query': {
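Review bot: The added guard calls `canInvite(session)` without the `orgid` that the preceding lines just validated, so nothing visible in this hunk ties the permission decision to the organisation whose member list is about to be queried. `canInvite` is defined outside the hunk; if it evaluates the session user's own organisation or a global flag, confirm that an owner of one organisation cannot pass a different `orgid` and still get through, or have the check take the organisation explicitly. The policy is also stated three ways (the comment says "admins", the message says "organisation owners", and the helper is named for invitation rights), so I would replace the comment with something like `# Viewing the member list requires the same right as inviting members (see canInvite)` and align the message with whatever that helper actually grants. Because the existence check runs first and returns a different 403 message, an unauthorised caller can still tell valid organisation ids from invalid ones; moving the permission check above it, or using one message for both, would close that. The body of `run()` continues outside the hunk.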
