fix: restrict user creation to admin users only

Manuel Weiser 2024-09-02 11:09:26 +02:00
parent 99fc0e2cf8
commit b7fb379984


@ -36,6 +36,8 @@ def before_request():
@user_bp.route('/users', methods=['POST']) @user_bp.route('/users', methods=['POST'])
def create_user(): def create_user():
if not authenticate() or g.user.role != 'admin':
return jsonify({'message': 'Unauthorized access! Only admins can create users.'}), 401
data = request.json data = request.json
hashed_password = generate_password_hash(data['password']) hashed_password = generate_password_hash(data['password'])
new_user = User( new_user = User(
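Review bot: The added guard at the top of create_user answers 401 for both failures it rejects, so a logged-in non-admin is indistinguishable from a caller with no valid credentials in client handling and in access logs. Splitting the check keeps the two apart: `if not authenticate(): return jsonify({'message': 'Authentication required.'}), 401` followed by `if g.user.role != 'admin': return jsonify({'message': 'Only admins can create users.'}), 403`. The hunk header names a before_request hook; if that hook already authenticates every request, the extra authenticate() call here is redundant, but that cannot be confirmed from the visible lines. If other routes in this blueprint need the same restriction, a shared admin-only decorator would keep the role check from being missed on the next handler. The body of create_user continues outside the hunk.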