Non-admin users can't promote themselves to admin users

Signed-off-by: Emmy D'Anello <emmy.danello@animath.fr>
2023-05-20 11:35:37 +02:00 · 2023-05-20 11:35:37 +02:00 · 777ae059f9
parent 310ac70a74
commit 777ae059f9
1 changed files with 4 additions and 0 deletions
--- a/registration/views.py
+++ b/registration/views.py
@ -275,6 +275,8 @@ class UserUpdateView(UserMixin, UpdateView):
        if not self.request.user.registration.is_admin:
            if "team" in context["registration_form"].fields:
                del context["registration_form"].fields["team"]
+            if "admin" in context["registration_form"].fields:
+                del context["registration_form"].fields["admin"]
            del context["registration_form"].fields["email_confirmed"]
        return context

@ -286,6 +288,8 @@ class UserUpdateView(UserMixin, UpdateView):
        if not self.request.user.registration.is_admin:
            if "team" in registration_form.fields:
                del registration_form.fields["team"]
+            if "admin" in registration_form.fields:
+                del registration_form.fields["admin"]
            del registration_form.fields["email_confirmed"]

        if not registration_form.is_valid():