TDvorak/swingmusic-extended
1
0
Fork 0
mirror of https://github.com/Dvorinka/swingmusic-extended.git synced 2026-06-03 20:13:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix: list index out of range when trying to unset admin role (#432)

Browse Source
This commit is contained in:
Tikhon Petrishchev
2026-01-18 09:30:23 +03:00
committed by GitHub
parent 4fa5c031e3
commit 10f6edeb68
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/swingmusic/api/auth.py
+7 -4
View File
@@ -173,7 +173,7 @@ def update_profile(body: UpdateProfileBody):
if "admin" not in current_user["roles"]:
return {"msg": "Only admins can update roles"}, 403
all_users = UserTable.get_all()
all_users = list(UserTable.get_all())
if "admin" not in body.roles:
# check if we're removing the last admin
admins = [user for user in all_users if "admin" in user.roles]
@@ -186,15 +186,18 @@ def update_profile(body: UpdateProfileBody):
if "guest" in _user.roles:
return {"msg": "Cannot update guest user"}, 400
# finally, convert roles to json string
user["roles"] = body.roles
if user["password"]:
user["password"] = hash_password(user["password"])
# remove empty values
clean_user = {k: v for k, v in user.items() if v}
# finally, convert roles to json string
# doing it here to prevent deleting roles from clean user
# when body.roles is an empty list
if body.roles is not None:
clean_user["roles"] = body.roles
try:
# return authdb.update_user(clean_user)
UserTable.update_one(clean_user)