From 136be53a084b84a0a764d0d326146fca241733f4 Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sat, 27 Jun 2015 10:50:40 +1200
Subject: Fix user security issue
---
 web/app/view/user/UserDialog.js | 4 +++-
 web/app/view/user/UserDialogController.js | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
(limited to 'web')
diff --git a/web/app/view/user/UserDialog.js b/web/app/view/user/UserDialog.js
index 7b6dc4199..fba182eb1 100644
--- a/web/app/view/user/UserDialog.js
+++ b/web/app/view/user/UserDialog.js
@@ -50,7 +50,9 @@ Ext.define('Traccar.view.user.UserDialog', {
 xtype: 'checkboxfield',
 name: 'admin',
 fieldLabel: strings.login_admin,
- allowBlank: false
+ allowBlank: false,
+ disabled: true,
+ reference: 'adminField'
 }]
 },

diff --git a/web/app/view/user/UserDialogController.js b/web/app/view/user/UserDialogController.js
index 1ec14c5e8..c5464225c 100644
--- a/web/app/view/user/UserDialogController.js
+++ b/web/app/view/user/UserDialogController.js
@@ -18,6 +18,12 @@ Ext.define('Traccar.view.user.UserDialogController', {
 extend: 'Ext.app.ViewController',
 alias: 'controller.userdialog',

+ init: function() {
+ if (Traccar.getApplication().getUser().get('admin')) {
+ this.lookupReference('adminField').setDisabled(false);
+ }
+ },
+
 onSaveClick: function(button) {
 var dialog = button.up('window').down('form');
 dialog.updateRecord();
-- cgit v1.2.3
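Review bot: The new `disabled: true` on the `admin` checkbox restricts the field only in the browser, so it is not an authorization control by itself; the same applies to the enabling step in `init` in UserDialogController.js. Nothing in this patch shows the server rejecting an `admin` change made by a non-admin session. If that check is missing on the user create/update path, the privilege problem named in the subject remains for any request that does not go through this form. I would confirm the server-side check exists and record the intent above the field, for example `// UI hint only; changes to admin are authorized on the server`. It is also worth verifying whether `updateRecord()` in `onSaveClick` still copies the value of a disabled field into the record.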
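Review bot: In `init`, the chain `Traccar.getApplication().getUser().get('admin')` assumes a user object is always present, and `lookupReference('adminField')` is assumed to resolve. If this dialog can ever be opened without a logged-in user (not visible from this hunk), the call would throw during controller initialisation rather than leave the field disabled. A guard keeps the default fail-closed: `var user = Traccar.getApplication().getUser();` followed by `if (user && user.get('admin')) {`. The decision is also made once, from client-held state, so it should be treated as presentation only. The `Ext.define` body continues outside the hunk.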