Commit 8911f933 by Dányi Bence

webui: security enhanced

parent 4d769b8e
......@@ -239,6 +239,7 @@ def group_ajax_delete(request):
@login_required
def group_ajax_owner_autocomplete(request):
results = map(lambda u: {
'name': u.get_full_name(),
'neptun': u.username }, User.objects.filter(last_name__startswith=request.POST['q'])[:5])
......@@ -252,6 +253,8 @@ def group_ajax_owner_autocomplete(request):
@login_required
def group_ajax_add_new_owner(request, gid):
if request.user.cloud_details.share_quota == 0:
return HttpResponse({'status': 'denied'})
group = get_object_or_404(Group, id=gid)
member = request.POST['neptun']
if re.match('^[a-zA-Z][a-zA-Z0-9]{5}$', member.strip()) == None:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment