authorBryan McLellan <btm@opscode.com>2011-10-29 19:08:47 -0700
committerBryan McLellan <btm@opscode.com>2011-10-29 19:16:19 -0700
commit7a09597360c256f6164047b62782a2a1e0a3d68a (patch)
treeac6b12a3050170dd6947c52cff768b82795a0f2c
parentfaad1a96e7dd6bd89d12fe3e77a4f517879e6ca7 (diff)
downloadchef-0.9-stable.tar.gz
CHEF-2649: Only allow admin clients to create admins (not validators)0.9-stable
-rw-r--r--chef-server-api/app/controllers/clients.rb14
1 files changed, 7 insertions, 7 deletions
diff --git a/chef-server-api/app/controllers/clients.rb b/chef-server-api/app/controllers/clients.rb
index 81ca0c9baa..efa2b4a3d4 100644
--- a/chef-server-api/app/controllers/clients.rb
+++ b/chef-server-api/app/controllers/clients.rb
@@ -49,13 +49,13 @@ class Clients < Application
exists = true
if params.has_key?(:inflated_object)
params[:name] ||= params[:inflated_object].name
- # We can only get here if we're admin or the validator. Only
- # allow creating admin clients if we're already an admin.
- if @auth_user.admin
- params[:admin] ||= params[:inflated_object].admin
- else
- params[:admin] = false
- end
+ params[:admin] ||= params[:inflated_object].admin
+ end
+
+ # We can only create clients if we're the admin or the validator.
+ # But only allow creating admin clients if we're already an admin.
+ if params[:admin] == true && @auth_user.admin != true
+ raise Forbidden, "You are not allowed to take this action."
end
begin