NussNougate/crafty-4
2
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2025-01-19 09:45:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix any user can recieve all api keys

Browse Source
This commit is contained in:
Andrew 2022-06-18 16:20:57 -04:00
parent 5bb17eae33
commit fd0da1ef20
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/classes/web/panel_handler.py
View File

@ -1926,6 +1926,12 @@ class PanelHandler(BaseHandler):
self.redirect("/panel/error?error=Invalid Key ID") self.redirect("/panel/error?error=Invalid Key ID")
return return
if key.user_id != exec_user["user_id"]:
self.redirect(
"/panel/error?error=You are not authorized to access this key."
)
return
self.controller.management.add_to_audit_log( self.controller.management.add_to_audit_log(
exec_user["user_id"], exec_user["user_id"],
f"Generated a new API token for the key {key.name} " f"Generated a new API token for the key {key.name} "