diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-06-27 10:50:40 +1200 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-06-27 10:50:40 +1200 |
commit | 136be53a084b84a0a764d0d326146fca241733f4 (patch) | |
tree | d8f4756ecbd1376a51d40bee085e595f6c64d8b3 /web/app/view/user | |
parent | deea5b703fd83e699d62600d93b3e28ac71188a1 (diff) | |
download | traccar-server-136be53a084b84a0a764d0d326146fca241733f4.tar.gz traccar-server-136be53a084b84a0a764d0d326146fca241733f4.tar.bz2 traccar-server-136be53a084b84a0a764d0d326146fca241733f4.zip |
Fix user security issue
Diffstat (limited to 'web/app/view/user')
-rw-r--r-- | web/app/view/user/UserDialog.js | 4 | ||||
-rw-r--r-- | web/app/view/user/UserDialogController.js | 6 |
2 files changed, 9 insertions, 1 deletions
diff --git a/web/app/view/user/UserDialog.js b/web/app/view/user/UserDialog.js index 7b6dc4199..fba182eb1 100644 --- a/web/app/view/user/UserDialog.js +++ b/web/app/view/user/UserDialog.js @@ -50,7 +50,9 @@ Ext.define('Traccar.view.user.UserDialog', { xtype: 'checkboxfield', name: 'admin', fieldLabel: strings.login_admin, - allowBlank: false + allowBlank: false, + disabled: true, + reference: 'adminField' }] }, diff --git a/web/app/view/user/UserDialogController.js b/web/app/view/user/UserDialogController.js index 1ec14c5e8..c5464225c 100644 --- a/web/app/view/user/UserDialogController.js +++ b/web/app/view/user/UserDialogController.js @@ -18,6 +18,12 @@ Ext.define('Traccar.view.user.UserDialogController', { extend: 'Ext.app.ViewController', alias: 'controller.userdialog', + init: function() { + if (Traccar.getApplication().getUser().get('admin')) { + this.lookupReference('adminField').setDisabled(false); + } + }, + onSaveClick: function(button) { var dialog = button.up('window').down('form'); dialog.updateRecord(); |