From 27562930461a88e761ecc2b54e0497dbcc43232d Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Tue, 21 Jan 2020 19:53:58 +0500
Subject: [PATCH] security check for user creation
---
 userManagment/views.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/userManagment/views.py b/userManagment/views.py
index 51000a186..eb1b6f164 100755
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -91,7 +91,6 @@ def apiAccess(request):
 logging.CyberCPLogFileWriter.writeToFile(str(msg))
 return redirect(loadLoginPage)
 
-
 def saveChangesAPIAccess(request):
 try:
 userID = request.session['userID']
@@ -123,7 +122,6 @@ def saveChangesAPIAccess(request):
 json_data = json.dumps(finalResponse)
 return HttpResponse(json_data)
 
-
 def submitUserCreation(request):
 try:
 
@@ -200,6 +198,13 @@ def submitUserCreation(request):
 newAdmin.save()
 
 elif currentACL['createNewUser'] == 1:
+ if selectedACL != 'user':
+ data_ret = {'status': 0, 'createStatus': 0,
+ 'error_message': "You are not authorized to access this resource."}
+
+ final_json = json.dumps(data_ret)
+ return HttpResponse(final_json)
+
 newAdmin = Administrator(firstName=firstName,
 lastName=lastName,
 email=email,
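Review bot: The new guard under `elif currentACL['createNewUser'] == 1:` in the third hunk rejects a request for a non-`'user'` ACL without recording it, so repeated attempts by a delegated account to create a higher-privileged user leave nothing for an operator to alert on. The file already logs through `logging.CyberCPLogFileWriter.writeToFile(...)` (first hunk), so a line such as `logging.CyberCPLogFileWriter.writeToFile('Denied user creation with ACL %r' % selectedACL)` before the `return` would close that gap; `%r` keeps a request-supplied value from injecting extra log lines, and the caller's id should be added if it is in scope here, which the hunk does not show. The rule is also encoded as a bare string literal, so a comment such as `# callers with only createNewUser may assign nothing but the default 'user' ACL` would state the intent. It is worth confirming that the branches after this one and the user-modification views enforce the same restriction. `submitUserCreation` starts and ends outside the hunk.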