From 25ef1ddbcb491dc29b7247fb0ad5c4190c5ead20 Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Tue, 18 Feb 2020 11:29:29 +0500
Subject: [PATCH] add owner protection for reseller center

---
 userManagment/views.py                                     | 7 +++++++
 .../static/websiteFunctions/websiteFunctions.css           | 1 +
 2 files changed, 8 insertions(+)

diff --git a/userManagment/views.py b/userManagment/views.py
index 3f37f5bc7..803d35e4f 100755
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -908,9 +908,16 @@ def saveResellerChanges(request):
         else:
             return ACLManager.loadErrorJson()
 
+        loggedUser = Administrator.objects.get(pk=val)
+
         userToBeModified = Administrator.objects.get(userName=data['userToBeModified'])
         newOwner = Administrator.objects.get(userName=data['newOwner'])
 
+        ### Check user owners
+
+        if ACLManager.checkUserOwnerShip(currentACL, loggedUser, userToBeModified) == 0 or ACLManager.checkUserOwnerShip(currentACL, loggedUser, newOwner) == 0:
+            return ACLManager.loadErrorJson()
+
         try:
             if ACLManager.websitesLimitCheck(newOwner, data['websitesLimit'], userToBeModified) == 0:
                 finalResponse = {'status': 0,
diff --git a/websiteFunctions/static/websiteFunctions/websiteFunctions.css b/websiteFunctions/static/websiteFunctions/websiteFunctions.css
index cdd39a501..84e4f1449 100755
--- a/websiteFunctions/static/websiteFunctions/websiteFunctions.css
+++ b/websiteFunctions/static/websiteFunctions/websiteFunctions.css
@@ -237,3 +237,4 @@ a:hover {
 .btn-min-width {
     min-width: 350px;
 }
+saveResellerChanges
\ No newline at end of file