Restrict lab credentials import to users with edit-users privilege
JanWichelmann committed Oct 16, 2024
1 parent 6f74a0c commit 63a9ab6
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions src/Ctf4e.Server/Controllers/AdminUsersController.cs
@@ -196,6 +196,7 @@ public async Task<IActionResult> ExportLabCredentialsAsync()
}

[HttpPost("credentials/import")]
[AnyUserPrivilege(UserPrivileges.EditUsers)]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ImportLabCredentialsAsync(IFormFile credentialsFile)
{
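Review bot: No test accompanies the new `[AnyUserPrivilege(UserPrivileges.EditUsers)]` on `ImportLabCredentialsAsync`, so nothing will catch the attribute being dropped again in a later refactor; a controller test that posts to `credentials/import` as a user without `EditUsers` and expects a rejection would pin it. The hunk opens on the tail of `ExportLabCredentialsAsync`, whose attributes are not visible here; since it presumably returns the same credentials, it is worth confirming that it and the other state-changing actions in this controller carry an explicit privilege requirement too. A comment above the attribute such as `// Enforced server-side: the disabled inputs in Users/Index.cshtml are only a UI hint.` would record why the check lives here. The body of `ImportLabCredentialsAsync` continues outside the hunk.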
4 changes: 2 additions & 2 deletions src/Ctf4e.Server/Views/Admin/Users/Index.cshtml
@@ -178,10 +178,10 @@
<form class="mb-3" enctype="multipart/form-data" method="post" asp-controller="AdminUsers" asp-action="ImportLabCredentials">
<div class="row">
<div class="col-auto">
<input class="form-control" type="file" id="credentialsFile" name="credentialsFile">
<input class="form-control" type="file" id="credentialsFile" name="credentialsFile" disabled="@(!currentUser.Privileges.HasAnyPrivilege(UserPrivileges.EditUsers))">
</div>
<div class="col">
<button type="submit" class="btn btn-outline-danger">
<button type="submit" class="btn btn-outline-danger" disabled="@(!currentUser.Privileges.HasAnyPrivilege(UserPrivileges.EditUsers))">
<i class="bi bi-upload"></i>
@Localizer["ImportLabCredentials"]
</button>
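Review bot: The `disabled` attributes on the file input and the submit button are a UI hint only, and the same privilege expression is now written twice, so the two copies can drift apart. Evaluate it once, e.g. `@{ var canEditUsers = currentUser.Privileges.HasAnyPrivilege(UserPrivileges.EditUsers); }` with `disabled="@(!canEditUsers)"` on both elements, or wrap the whole `<form>` in `@if (canEditUsers) { … }` so users without the privilege are not shown a dead form. Either way the check that matters is the attribute on the controller action; a short Razor comment next to the form saying so would keep a later reader from treating the disabled state as the access control. The form's closing tags lie outside the hunk.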