diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py index 619ac94..541bac9 100644 --- a/flaschengeist/plugins/auth_ldap/__init__.py +++ b/flaschengeist/plugins/auth_ldap/__init__.py @@ -157,6 +157,10 @@ class AuthLDAP(AuthPlugin): raise NotFound def set_avatar(self, user, avatar: _Avatar): + if self.admin_dn is None: + logger.error("admin_dn missing in ldap config!") + raise InternalServerError + if avatar.mimetype != "image/jpeg": # Try converting using Pillow (if installed) try: @@ -174,9 +178,6 @@ class AuthLDAP(AuthPlugin): logger.debug(f"Could not convert avatar from '{avatar.mimetype}' to JPEG") raise BadRequest("Unsupported image format") - if self.admin_dn is None: - logger.error("admin_dn missing in ldap config!") - raise InternalServerError dn = user.get_attribute("DN") ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret) ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]}) diff --git a/flaschengeist/plugins/balance/__init__.py b/flaschengeist/plugins/balance/__init__.py index 55ff854..a3b051d 100644 --- a/flaschengeist/plugins/balance/__init__.py +++ b/flaschengeist/plugins/balance/__init__.py @@ -63,7 +63,7 @@ def get_limit(userid, current_session: Session): @balance_bp.route("/users//balance/limit", methods=["PUT"]) -@login_required() +@login_required(permissions.SET_LIMIT) def set_limit(userid, current_session: Session): """Set the limit of an user @@ -79,9 +79,6 @@ def set_limit(userid, current_session: Session): HTTP-200 or HTTP error """ user = userController.get_user(userid) - if not current_session._user.has_permission(permissions.SET_LIMIT): - raise Forbidden - data = request.get_json() try: limit = data["limit"]