fixed project admin being able to create superadmin users

gulimabr
2026-01-19 15:20:10 -03:00
parent 384375a297
commit c99f4d8986
2 changed files with 25 additions and 2 deletions


@@ -740,6 +740,13 @@ async def update_member_role(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"Invalid role id {role_data.role_id}"
)
allowed_role_names = {"editor", "auditor", "admin", "viewer"}
if role.role_name not in allowed_role_names:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Project admins cannot assign this role"
)
# Update the user's role
from src.repositories import UserRepository
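Review bot: The new guard in update_member_role only constrains the role being assigned, not the role the target member currently holds, so a member whose current role lies outside the allow-list (the superadmin case this commit is about) can still have that role changed through this endpoint unless the current role is checked earlier in the function; the function body starts and ends outside the hunk, so if no such check exists, add one before the update, e.g. `if current_role.role_name not in allowed_role_names: raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Project admins cannot modify this member")`, using whatever name the existing code binds for the target's current role. The same allow-list literal is duplicated verbatim in the create_project_user hunk below; hoisting it to a module-level `PROJECT_ADMIN_ASSIGNABLE_ROLES = frozenset({"editor", "auditor", "admin", "viewer"})` and referencing it from both places keeps the two checks from drifting apart. Note also that the check keys on `role.role_name`, so it holds only as long as role names are stable identifiers rather than editable labels; a short comment stating that assumption above the set would help the next maintainer.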
@@ -798,6 +805,13 @@ async def create_project_user(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"Invalid role id {user_data.role_id}"
)
allowed_role_names = {"editor", "auditor", "admin", "viewer"}
if role.role_name not in allowed_role_names:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Project admins cannot create users with this role"
)
# Create user in Keycloak
keycloak_sub = await KeycloakAdminService.create_user(