git://git.onelab.eu / myslice.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Using execute_admin_query in actions.py to enable AccountView to generate new keys...
[myslice.git] / portal / accountview.py
diff --git a/portal/accountview.py b/portal/accountview.py
index 325796b..c8c1779 100644 (file)
--- a/portal/accountview.py
+++ b/portal/accountview.py
@@ -261,10 +261,19 @@ def account_process(request):
     platform_query  = Query().get('local:platform').select('platform_id','platform')
     platform_details = execute_query(request, platform_query)
     
-    # getting the user_id from the session
-    for user_detail in user_details:
-            user_id = user_detail['user_id']
-            user_email = user_detail['email']
+    # getting the user_id from the session                                            
+    for user_detail in user_details:                                                  
+        user_id = user_detail['user_id']                                              
+        user_email = user_detail['email']                                             
+        try:
+            if user_email == request.user.email:                                          
+                authorize_query = True                                                    
+            else:                                                                         
+                print "SECURITY: %s tried to update %s" % (user_email, request.user.email)
+                messages.error(request, 'You are not authorized to modify another user.') 
+                return HttpResponseRedirect("/portal/account/")                               
+        except Exception,e:
+            print "Exception = %s" % e
 
     for account_detail in account_details:
         for platform_detail in platform_details:
myslice (django)