Expose, honor the prevent_password_change flag for Users
This commit is contained in:
Lance Edgar
parent
2863ff7a5c
commit
f913ed8332
5 changed files with 24 additions and 11 deletions
|
|
@ -2,7 +2,7 @@
|
|||
################################################################################
|
||||
#
|
||||
# Rattail -- Retail Software Framework
|
||||
# Copyright © 2010-2022 Lance Edgar
|
||||
# Copyright © 2010-2023 Lance Edgar
|
||||
#
|
||||
# This file is part of Rattail.
|
||||
#
|
||||
|
|
@ -24,8 +24,6 @@
|
|||
Tailbone Web API - Auth Views
|
||||
"""
|
||||
|
||||
from __future__ import unicode_literals, absolute_import
|
||||
|
||||
from rattail.db.auth import set_user_password
|
||||
|
||||
from cornice import Service
|
||||
|
|
@ -168,6 +166,9 @@ class AuthenticationView(APIView):
|
|||
if not self.request.user:
|
||||
raise self.forbidden()
|
||||
|
||||
if self.request.user.prevent_password_change and not self.request.is_root:
|
||||
raise self.forbidden()
|
||||
|
||||
data = self.request.json_body
|
||||
|
||||
# first make sure "current" password is accurate
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue