|
|
@@ -1105,7 +1105,6 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
}
|
|
|
if ismaster {
|
|
|
if user.PlatformRoleID != models.SuperAdminRole && userchange.PlatformRoleID == models.SuperAdminRole {
|
|
|
@@ -1115,6 +1114,12 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ if !ismaster && !userchange.IsMFAEnabled && user.IsMFAEnabled {
|
|
|
+ err = fmt.Errorf("mfa removal requires the master user key, operation is not permitted for other users")
|
|
|
+ logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
if logic.IsOauthUser(user) == nil && userchange.Password != "" {
|
|
|
err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
Vishal Dalwadi