aboutsummaryrefslogtreecommitdiff
path: root/web/app/view/user
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2015-06-27 10:50:40 +1200
committerAnton Tananaev <anton.tananaev@gmail.com>2015-06-27 10:50:40 +1200
commit136be53a084b84a0a764d0d326146fca241733f4 (patch)
treed8f4756ecbd1376a51d40bee085e595f6c64d8b3 /web/app/view/user
parentdeea5b703fd83e699d62600d93b3e28ac71188a1 (diff)
downloadtraccar-server-136be53a084b84a0a764d0d326146fca241733f4.tar.gz
traccar-server-136be53a084b84a0a764d0d326146fca241733f4.tar.bz2
traccar-server-136be53a084b84a0a764d0d326146fca241733f4.zip
Fix user security issue
Diffstat (limited to 'web/app/view/user')
-rw-r--r--web/app/view/user/UserDialog.js4
-rw-r--r--web/app/view/user/UserDialogController.js6
2 files changed, 9 insertions, 1 deletions
diff --git a/web/app/view/user/UserDialog.js b/web/app/view/user/UserDialog.js
index 7b6dc4199..fba182eb1 100644
--- a/web/app/view/user/UserDialog.js
+++ b/web/app/view/user/UserDialog.js
@@ -50,7 +50,9 @@ Ext.define('Traccar.view.user.UserDialog', {
xtype: 'checkboxfield',
name: 'admin',
fieldLabel: strings.login_admin,
- allowBlank: false
+ allowBlank: false,
+ disabled: true,
+ reference: 'adminField'
}]
},
diff --git a/web/app/view/user/UserDialogController.js b/web/app/view/user/UserDialogController.js
index 1ec14c5e8..c5464225c 100644
--- a/web/app/view/user/UserDialogController.js
+++ b/web/app/view/user/UserDialogController.js
@@ -18,6 +18,12 @@ Ext.define('Traccar.view.user.UserDialogController', {
extend: 'Ext.app.ViewController',
alias: 'controller.userdialog',
+ init: function() {
+ if (Traccar.getApplication().getUser().get('admin')) {
+ this.lookupReference('adminField').setDisabled(false);
+ }
+ },
+
onSaveClick: function(button) {
var dialog = button.up('window').down('form');
dialog.updateRecord();