Commit 8911f933 by Dányi Bence

webui: security enhanced

parent 4d769b8e
...@@ -239,6 +239,7 @@ def group_ajax_delete(request): ...@@ -239,6 +239,7 @@ def group_ajax_delete(request):
@login_required @login_required
def group_ajax_owner_autocomplete(request): def group_ajax_owner_autocomplete(request):
results = map(lambda u: { results = map(lambda u: {
'name': u.get_full_name(), 'name': u.get_full_name(),
'neptun': u.username }, User.objects.filter(last_name__startswith=request.POST['q'])[:5]) 'neptun': u.username }, User.objects.filter(last_name__startswith=request.POST['q'])[:5])
...@@ -252,6 +253,8 @@ def group_ajax_owner_autocomplete(request): ...@@ -252,6 +253,8 @@ def group_ajax_owner_autocomplete(request):
@login_required @login_required
def group_ajax_add_new_owner(request, gid): def group_ajax_add_new_owner(request, gid):
if request.user.cloud_details.share_quota == 0:
return HttpResponse({'status': 'denied'})
group = get_object_or_404(Group, id=gid) group = get_object_or_404(Group, id=gid)
member = request.POST['neptun'] member = request.POST['neptun']
if re.match('^[a-zA-Z][a-zA-Z0-9]{5}$', member.strip()) == None: if re.match('^[a-zA-Z][a-zA-Z0-9]{5}$', member.strip()) == None:
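Review bot: The new guard in `group_ajax_add_new_owner` returns `HttpResponse({'status': 'denied'})`, which hands Django a dict rather than a serialized body, so the client will not get the JSON object it presumably expects and the refusal still goes out with status 200. Serialize the payload and send a refusal status, for example `return HttpResponse(json.dumps({'status': 'denied'}), content_type='application/json', status=403)` (assuming `json` is available in this module). The guard also checks only the caller's `share_quota`; nothing visible here verifies that `request.user` is an owner of the group fetched by `gid`, so unless that check sits further down (the function body continues outside the hunk), any logged-in user with a non-zero quota could add owners to someone else's group. Both views index `request.POST[...]` directly, so a request missing `q` or `neptun` is likely to end in a 500 rather than a clean 400; `request.POST.get(...)` with an explicit rejection would be safer.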
......