From 3aa9deb112b4642af63f074d0e50c7bd6570dd7d Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Sat, 7 Aug 2021 11:44:35 +0500
Subject: [PATCH] security fix: CP-12: CP-12: Admin Packages Modify Package
---
 packages/packagesManager.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/packages/packagesManager.py b/packages/packagesManager.py
index f4b4fd2de..f6ebc9fba 100755
--- a/packages/packagesManager.py
+++ b/packages/packagesManager.py
@@ -148,6 +148,11 @@ class PackagesManager:
 modifyPack = Package.objects.get(packageName=packageName)
+ ## Check package ownership
+ admin = Administrator.objects.get(pk=userID)
+ if ACLManager.CheckPackageOwnership(modifyPack, admin, currentACL) == 0:
+ return ACLManager.loadErrorJson('deleteStatus', 0)
+
 diskSpace = modifyPack.diskSpace
 bandwidth = modifyPack.bandwidth
 ftpAccounts = modifyPack.ftpAccounts
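Review bot: The denial branch returns `ACLManager.loadErrorJson('deleteStatus', 0)`, but the commit title says this is the modify-package path, so the key looks copied from the delete handler. A client that reads the modify handler's own status key may not see the refusal; the call should pass that key instead, e.g. `return ACLManager.loadErrorJson('<modify-status-key>', 0)` (placeholder, the real key is not visible in this hunk). The guard also denies only when the helper returns exactly 0, so a `None` or any other unexpected return value would let the modification proceed. Writing it as `if not ACLManager.CheckPackageOwnership(modifyPack, admin, currentACL):` denies on any falsy result, though the helper's return contract is not shown here and should be confirmed. The enclosing method starts and ends outside the hunk, so whether `Administrator.objects.get(pk=userID)` is covered by an exception handler cannot be judged from these lines.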