only admins can change rightslevel

2018-05-31 17:27:05 +02:00 · 2018-05-31 17:27:05 +02:00 · 7acc562b53
commit 7acc562b53
parent 717248bc73
2 changed files with 21 additions and 13 deletions
--- a/pandora/user/views.py
+++ b/pandora/user/views.py
@ -362,7 +362,7 @@ def editUser(request, data):
            response = json_response(status=403, text='email already in use')
            return render_to_json_response(response)
        user.email = data['email']
-    if 'level' in data:
+    if 'level' in data and request.user.profile.get_level() == 'admin':
        profile.set_level(data['level'])
    if 'notes' in data:
        profile.notes = data['notes']
--- a/static/js/usersDialog.js
+++ b/static/js/usersDialog.js
@ -680,19 +680,27 @@ pandora.ui.usersDialog = function() {

                        }
                    }),
-                Ox.Select({
-                    id: 'level',
-                    items: pandora.site.userLevels.slice(1).map(function(level) {
-                        return {
-                            id: level,
-                            title: Ox.toTitleCase(level)
-                        };
+                pandora.user.level == 'admin'
+                    ? Ox.Select({
+                        id: 'level',
+                        items: pandora.site.userLevels.slice(1).map(function(level) {
+                            return {
+                                id: level,
+                                title: Ox.toTitleCase(level)
+                            };
+                        }),
+                        label: Ox._('Level'),
+                        labelWidth: 80,
+                        value: user.level,
+                        width: formWidth - 16
+                    }) : Ox.Input({
+                        disabled: true,
+                        id: 'level',
+                        label: Ox._('Level'),
+                        labelWidth: 80,
+                        value: Ox.toTitleCase(user.level),
+                        width: formWidth - 16
                    }),
-                    label: Ox._('Level'),
-                    labelWidth: 80,
-                    value: user.level,
-                    width: formWidth - 16
-                }),
                Ox.Checkbox({
                        id: 'newsletter',
                        label: Ox._('Newsletter'),