Added validation to reject things disallowed on the current user

master
Evan Harris 5 years ago
parent a4c62f6860
commit 983d688cce
No known key found for this signature in database
GPG Key ID: FF3BD4DA59FF9EDC
  1. 14
      airsonic-main/src/main/java/org/airsonic/player/validator/UserSettingsValidator.java
  2. 2
      airsonic-main/src/main/webapp/WEB-INF/jsp/userSettings.jsp

@ -29,6 +29,8 @@ import org.springframework.stereotype.Component;
import org.springframework.validation.Errors;
import org.springframework.validation.Validator;
import javax.servlet.http.HttpServletRequest;
/**
* Validator for {@link UserSettingsController}.
*
@ -41,6 +43,8 @@ public class UserSettingsValidator implements Validator {
private SecurityService securityService;
@Autowired
private SettingsService settingsService;
@Autowired
private HttpServletRequest request;
/**
* {@inheritDoc}
@ -85,6 +89,16 @@ public class UserSettingsValidator implements Validator {
errors.rejectValue("password", "usersettings.passwordnotsupportedforldap");
}
if (securityService.getCurrentUser(request).getUsername().equals(username)) {
// These errors don't need translation since the option isn't exposed to the user
if (command.isDeleteUser()) {
errors.rejectValue("deleteUser", null, "Cannot delete the current user");
}
if (! command.isAdminRole()) {
errors.rejectValue("adminRole", null, "Cannot remove admin from the current user");
}
}
}
}
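Review bot: The self-edit guard `securityService.getCurrentUser(request).getUsername().equals(username)` dereferences the current user without a null check and compares names with a case-sensitive `equals`. If `getCurrentUser` can return null for this request, validation throws instead of rejecting. If the user store resolves names case-insensitively (not visible in this hunk), a submitted `username` that differs only in case would skip both rejections. I would read the current user into a local once and guard with something like `if (current != null && current.getUsername().equalsIgnoreCase(username))`, matching whatever comparison the store itself uses. The enclosing validate method and the assignment of `username` both lie outside the hunk, so confirm against them.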

@ -66,6 +66,7 @@
<tr style="${command.currentUser ? 'display:none' : ''}">
<td><form:checkbox path="adminRole" id="admin" cssClass="checkbox"/></td>
<td><label for="admin"><fmt:message key="usersettings.admin"/></label></td>
<td class="warning"><form:errors path="adminRole"/></td>
</tr>
<tr>
<td><form:checkbox path="settingsRole" id="settings" cssClass="checkbox"/></td>
@ -141,6 +142,7 @@
<tr>
<td><form:checkbox path="deleteUser" id="delete" cssClass="checkbox"/></td>
<td><label for="delete"><fmt:message key="usersettings.delete"/></label></td>
<td class="warning"><form:errors path="deleteUser"/></td>
</tr>
</table>
</c:if>
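Review bot: The new `<form:errors path="adminRole"/>` cell sits inside the row styled `display:none` when `command.currentUser` is true, which appears to be the case the new validator rejection targets, so the message may never be visible when the form is re-rendered. The `deleteUser` error cell is inside a `<c:if>` whose condition is outside the hunk, so it may be suppressed in the same way. Consider rendering both errors in markup that is always shown, for example a separate row holding `<td class="warning"><form:errors path="adminRole"/></td>`, so a rejected self-edit is reported rather than silently redisplayed.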
