only admins can change rightslevel

This commit is contained in:
j 2018-05-31 17:27:05 +02:00
parent 717248bc73
commit 7acc562b53
2 changed files with 21 additions and 13 deletions

View file

@ -362,7 +362,7 @@ def editUser(request, data):
response = json_response(status=403, text='email already in use') response = json_response(status=403, text='email already in use')
return render_to_json_response(response) return render_to_json_response(response)
user.email = data['email'] user.email = data['email']
if 'level' in data: if 'level' in data and request.user.profile.get_level() == 'admin':
profile.set_level(data['level']) profile.set_level(data['level'])
if 'notes' in data: if 'notes' in data:
profile.notes = data['notes'] profile.notes = data['notes']

View file

@ -680,19 +680,27 @@ pandora.ui.usersDialog = function() {
} }
}), }),
Ox.Select({ pandora.user.level == 'admin'
id: 'level', ? Ox.Select({
items: pandora.site.userLevels.slice(1).map(function(level) { id: 'level',
return { items: pandora.site.userLevels.slice(1).map(function(level) {
id: level, return {
title: Ox.toTitleCase(level) id: level,
}; title: Ox.toTitleCase(level)
};
}),
label: Ox._('Level'),
labelWidth: 80,
value: user.level,
width: formWidth - 16
}) : Ox.Input({
disabled: true,
id: 'level',
label: Ox._('Level'),
labelWidth: 80,
value: Ox.toTitleCase(user.level),
width: formWidth - 16
}), }),
label: Ox._('Level'),
labelWidth: 80,
value: user.level,
width: formWidth - 16
}),
Ox.Checkbox({ Ox.Checkbox({
id: 'newsletter', id: 'newsletter',
label: Ox._('Newsletter'), label: Ox._('Newsletter'),