Fix issue with ability to create admin user by setting referrer
parent
c674f86576
commit
baccaae9b0
|
@ -146,8 +146,12 @@ router.post('/admin/user/insert', common.restrict, (req, res) => {
|
||||||
// set the account to admin if using the setup form. Eg: First user account
|
// set the account to admin if using the setup form. Eg: First user account
|
||||||
let urlParts = url.parse(req.header('Referer'));
|
let urlParts = url.parse(req.header('Referer'));
|
||||||
|
|
||||||
|
// Check number of users
|
||||||
|
db.users.count({}, (err, userCount) => {
|
||||||
let isAdmin = false;
|
let isAdmin = false;
|
||||||
if(urlParts.path === '/admin/setup'){
|
|
||||||
|
// if no users, setup user as admin
|
||||||
|
if(userCount === 0){
|
||||||
isAdmin = true;
|
isAdmin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -198,6 +202,7 @@ router.post('/admin/user/insert', common.restrict, (req, res) => {
|
||||||
res.redirect('/admin/users');
|
res.redirect('/admin/users');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
|
Loading…
Reference in New Issue