Using execute_admin_query in actions.py to enable AccountView to generate new keys...
authorLoic Baron <loic.baron@lip6.fr>
Tue, 25 Nov 2014 17:34:45 +0000 (18:34 +0100)
committerLoic Baron <loic.baron@lip6.fr>
Tue, 25 Nov 2014 17:34:45 +0000 (18:34 +0100)
portal/accountview.py
portal/actions.py

index 325796b..c8c1779 100644 (file)
@@ -261,10 +261,19 @@ def account_process(request):
     platform_query  = Query().get('local:platform').select('platform_id','platform')
     platform_details = execute_query(request, platform_query)
     
-    # getting the user_id from the session
-    for user_detail in user_details:
-            user_id = user_detail['user_id']
-            user_email = user_detail['email']
+    # getting the user_id from the session                                            
+    for user_detail in user_details:                                                  
+        user_id = user_detail['user_id']                                              
+        user_email = user_detail['email']                                             
+        try:
+            if user_email == request.user.email:                                          
+                authorize_query = True                                                    
+            else:                                                                         
+                print "SECURITY: %s tried to update %s" % (user_email, request.user.email)
+                messages.error(request, 'You are not authorized to modify another user.') 
+                return HttpResponseRedirect("/portal/account/")                               
+        except Exception,e:
+            print "Exception = %s" % e
 
     for account_detail in account_details:
         for platform_detail in platform_details:
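Review bot: The `except Exception,e:` wrapped around the email comparison fails open: if `request.user.email` raises (for example on a request whose user object carries no email), the exception is only printed, no redirect is issued, and account_process carries on into the account/platform loops below with the ownership check never having passed. The except branch should end the request the way the else branch does, `messages.error(request, 'You are not authorized to modify another user.')` followed by `return HttpResponseRedirect("/portal/account/")`, or the try should be dropped and the comparison written so that no exception is expected. The log line also has its arguments reversed, since `user_email` comes from user_details while `request.user.email` is the requester, so `print "SECURITY: %s tried to update %s" % (request.user.email, user_email)` reads correctly. `authorize_query` is assigned but not read anywhere in the hunk, and the added lines carry trailing whitespace. account_process begins before and continues after this hunk.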
index 1831ea7..2959721 100644 (file)
@@ -117,7 +117,7 @@ def sfa_update_user(request, user_hrn, user_params):
     if 'email' in user_params:
         user_params['user_email'] = user_params['email']
     query = Query.update('user').filter_by('user_hrn', '==', user_hrn).set(user_params).select('user_hrn')
-    results = execute_query(request,query)
+    results = execute_admin_query(request,query)
     return results
 
 def sfa_add_authority(request, authority_params):
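Review bot: sfa_update_user now sends the update through execute_admin_query, so any platform-side check that the session user may modify `user_hrn` is bypassed and every caller of this function inherits that elevated authority (inferred from the function name; the only ownership check this commit adds lives in accountview.py, not here). The function should document that contract at its signature, e.g. `# Runs with admin credentials: the caller must verify that the requester owns user_hrn before calling.`, and it is worth considering verifying inside this function that `user_hrn` belongs to the requesting user so the guarantee does not depend on each caller remembering it. sfa_update_user starts outside the hunk.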