Diffstat (limited to 'ipa-server/ipa-gui/ipagui/subcontrollers/user.py')
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index 952278a0..cc2bba47 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -362,6 +362,10 @@ class UserController(IPAController):
 ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR)): pass
+ # Set the uid we're editing in the session. If it doesn't match
+ # later the update will not be processed
+ cherrypy.session['uid'] = user_dict.get('uid')
+
 return dict(form=user_edit_form, user=user_dict, user_groups=user_groups_dicts)
 except ipaerror.IPAError, e:
@@ -384,6 +388,14 @@ class UserController(IPAController):
 turbogears.flash("Edit user cancelled")
 raise turbogears.redirect('/user/show', uid=kw.get('uid'))
+ edituid = cherrypy.session.get('uid')
+ if not edituid or edituid != kw.get('uid'):
+ turbogears.flash("Something went wrong. You last viewed %s but are trying to update %s" % (kw.get('uid'), edituid))
+ raise turbogears.redirect('/user/show', uid=kw.get('uid'))
+
+ # We no longer need this
+ cherrypy.session['uid'] = None
+
 # Fix incoming multi-valued fields we created for the form
 kw = ipahelper.fix_incoming_fields(kw, 'cn', 'cns')
 kw = ipahelper.fix_incoming_fields(kw, 'telephonenumber', 'telephonenumbers') |
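Review bot: The value stored by `cherrypy.session['uid'] = user_dict.get('uid')` at the end of the edit handler is a single, generically named session slot, so opening a second user's edit form in another tab overwrites it and the first form's submit is then rejected by the check in the second hunk. A key specific to this purpose, for example `cherrypy.session['edit_user_uid']`, would also avoid clashing with any other code that keeps a `uid` in the session (none is visible here). Because any request that renders the edit page sets the value, the check catches a stale or mismatched form but is not an authorization or CSRF control, and the comment should say so: `# Consistency check only; access control is enforced elsewhere`. The enclosing method starts outside the hunk.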
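Review bot: The format arguments in the mismatch branch are reversed: `kw.get('uid')` fills "You last viewed" and `edituid` fills "are trying to update", so the flash message reports the opposite of what happened; it should end with `% (edituid, kw.get('uid'))`. When the session holds no uid at all, the message will also print `None`, which is worth a separate wording such as "Your edit session has expired". The slot is cleared with `cherrypy.session['uid'] = None` before the rest of the update runs, so if validation or the directory update fails further down (outside this hunk) and the form is shown again without passing through the edit handler, the retry would presumably be rejected; clearing it only after the update succeeds would avoid that.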