update password reset check for user PATCH request (#238)

Victor Vrantchan 2016-09-26 12:29:51 -04:00 committed by GitHub
parent 1e5a0f8f88
commit 14240cbabf


@ -107,12 +107,6 @@ func validateModifyUserRequest(next endpoint.Endpoint) endpoint.Endpoint {
badArgs = append(badArgs, invalidArgument{name: field, reason: "no write permissions on user"})
}
}
if p.Password != nil {
if !vc.IsUserID(uid) || !vc.IsAdmin() {
badArgs = append(badArgs,
invalidArgument{name: "password", reason: "must be an admin or own account"})
}
}
if len(badArgs) != 0 {
return nil, permissionError{badArgs: badArgs}
}
@ -151,6 +145,9 @@ func requireRoleForUserModification(p kolide.UserPayload) map[permission][]strin
if p.Email != nil {
selfFields = append(selfFields, "email")
}
if p.Password != nil {
selfFields = append(selfFields, "password")
}
// self is always a must, otherwise
// anyone can edit the field, and we don't have that requirement
must[self] = selfFields
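Review bot: Listing `password` in `selfFields` makes it writable through the generic PATCH, and nothing visible in this hunk requires the caller to prove knowledge of the current password, so a session that is left open or stolen could be used to replace the credential. If that check lives elsewhere, a comment on the new branch would make it explicit, for example `// password: self-writable; current-password verification happens in <handler name>`; if it does not exist, it is worth adding before this path is relied on. Whether an admin can still reset another user's password now depends on how `must[self]` is evaluated in `validateModifyUserRequest`, which is outside this hunk, so it appears to need confirming. Table tests for owner, admin-on-other and non-admin-on-other would pin the intended behaviour. `requireRoleForUserModification` starts and ends outside the hunk.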