X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=portal%2Faccountview.py;h=c8c177935fafc37de05390a8d31af22a138465cd;hb=81b26874c7720af08e80550a1c9218d0fc027dea;hp=325796bce243e3b71702b3b7dd5fb7a46be24e7f;hpb=38deb95de7c5d9cad0dd75deb00b04971dbb01bc;p=unfold.git
diff --git a/portal/accountview.py b/portal/accountview.py
index 325796bc..c8c17793 100644
--- a/portal/accountview.py
+++ b/portal/accountview.py
@@ -261,10 +261,19 @@ def account_process(request):
     platform_query = Query().get('local:platform').select('platform_id','platform')
     platform_details = execute_query(request, platform_query)
-    # getting the user_id from the session
-    for user_detail in user_details:
-        user_id = user_detail['user_id']
-        user_email = user_detail['email']
+    # getting the user_id from the session
+    for user_detail in user_details:
+        user_id = user_detail['user_id']
+        user_email = user_detail['email']
+        try:
+            if user_email == request.user.email:
+                authorize_query = True
+            else:
+                print "SECURITY: %s tried to update %s" % (user_email, request.user.email)
+                messages.error(request, 'You are not authorized to modify another user.')
+                return HttpResponseRedirect("/portal/account/")
+        except Exception,e:
+            print "Exception = %s" % e
     for account_detail in account_details:
         for platform_detail in platform_details:
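Review bot: The new authorization check fails open: the `except Exception,e:` branch around the email comparison only prints and then falls through to the `for account_detail in account_details:` update loop, so any error in the check (for example `request.user` lacking an `email` attribute for an unauthenticated user) skips the denial entirely. The except branch should deny rather than continue, e.g. `except Exception, e:` / `print "Exception = %s" % e` / `return HttpResponseRedirect("/portal/account/")`, or the `try` should simply be dropped so the error surfaces. The check is also only reached inside `for user_detail in user_details:`, so an empty `user_details` result performs no check at all and `authorize_query` is never assigned; initialising `authorize_query = False` before the loop and refusing the update when it is still false after it would close that gap, though whether later code reads `authorize_query` is outside this hunk. The `print` statements should go through `logging` (or at least `logger.warning`) so the SECURITY event is actually captured in production. `account_process` starts before the hunk and its body continues past it.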