From c0a8aee7d753628a52587aee82ddd94df9cad070 Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Mon, 2 Aug 2021 11:55:43 +0500
Subject: [PATCH] security fix: CP-10: Admin Websites Suspend / Unsuspend

---
 websiteFunctions/website.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 5543ff9bd..63074d778 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -574,6 +574,12 @@ class WebsiteManager:
 
             website = Websites.objects.get(domain=websiteName)
 
+            admin = Administrator.objects.get(pk=userID)
+            if ACLManager.checkOwnership(websiteName, admin, currentACL) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteStatus', 0)
+
             if state == "Suspend":
                 confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName
                 command = "mv " + confPath + " " + confPath + "-suspended"