Disallow deleting your own user or removing admin role

master
Evan Harris 6 years ago
parent f8bd580fb7
commit a4c62f6860
  1. 9
      airsonic-main/src/main/java/org/airsonic/player/command/UserSettingsCommand.java
  2. 1
      airsonic-main/src/main/java/org/airsonic/player/controller/UserSettingsController.java
  3. 4
      airsonic-main/src/main/webapp/WEB-INF/jsp/userSettings.jsp

@ -46,6 +46,7 @@ public class UserSettingsCommand {
private List<User> users; private List<User> users;
private boolean isAdmin; private boolean isAdmin;
private boolean isCurrentUser;
private boolean isPasswordChange; private boolean isPasswordChange;
private boolean isNewUser; private boolean isNewUser;
private boolean isDeleteUser; private boolean isDeleteUser;
@ -166,6 +167,14 @@ public class UserSettingsCommand {
isAdmin = admin; isAdmin = admin;
} }
public boolean isCurrentUser() {
return isCurrentUser;
}
public void setCurrentUser(boolean currentUser) {
isCurrentUser = currentUser;
}
public boolean isPasswordChange() { public boolean isPasswordChange() {
return isPasswordChange; return isPasswordChange;
} }

@ -87,6 +87,7 @@ public class UserSettingsController {
UserSettings userSettings = settingsService.getUserSettings(user.getUsername()); UserSettings userSettings = settingsService.getUserSettings(user.getUsername());
command.setTranscodeSchemeName(userSettings.getTranscodeScheme().name()); command.setTranscodeSchemeName(userSettings.getTranscodeScheme().name());
command.setAllowedMusicFolderIds(Util.toIntArray(getAllowedMusicFolderIds(user))); command.setAllowedMusicFolderIds(Util.toIntArray(getAllowedMusicFolderIds(user)));
command.setCurrentUser(securityService.getCurrentUser(request).getUsername().equals(user.getUsername()));
} else { } else {
command.setNewUser(true); command.setNewUser(true);
command.setStreamRole(true); command.setStreamRole(true);

@ -63,7 +63,7 @@
<form:form method="post" action="userSettings.view" modelAttribute="command"> <form:form method="post" action="userSettings.view" modelAttribute="command">
<table style="${command.admin ? 'display:none' : ''}"> <table style="${command.admin ? 'display:none' : ''}">
<tr> <tr style="${command.currentUser ? 'display:none' : ''}">
<td><form:checkbox path="adminRole" id="admin" cssClass="checkbox"/></td> <td><form:checkbox path="adminRole" id="admin" cssClass="checkbox"/></td>
<td><label for="admin"><fmt:message key="usersettings.admin"/></label></td> <td><label for="admin"><fmt:message key="usersettings.admin"/></label></td>
</tr> </tr>
@ -136,7 +136,7 @@
</tr> </tr>
</table> </table>
<c:if test="${not command.newUser and not command.admin}"> <c:if test="${not command.newUser and not command.admin and not command.currentUser}">
<table class="indent"> <table class="indent">
<tr> <tr>
<td><form:checkbox path="deleteUser" id="delete" cssClass="checkbox"/></td> <td><form:checkbox path="deleteUser" id="delete" cssClass="checkbox"/></td>

Loading…
Cancel
Save