From 9a47edc9ec4a619279dcbc37283afe2bda07570d Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Fri, 20 Aug 2021 15:40:23 +0500
Subject: [PATCH] =?UTF-8?q?security=20fix:=20CP-22:=20Websites=20=E2=80=93?=
 =?UTF-8?q?=20Modify=20Website?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 websiteFunctions/website.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 574c69e01..0392b2db1 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -766,6 +766,12 @@ class WebsiteManager:
             else:
                 return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
 
+            newOwner = Administrator.objects.get(userName=newUser)
+            if ACLManager.checkUserOwnerShip(currentACL, admin, newOwner) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
+
             confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
             completePathToConfigFile = confPath + "/vhost.conf"