From dd0baf7898cbd132d71e601a6a570666896b6569 Mon Sep 17 00:00:00 2001
From: David Hoppenbrouwers
Date: Tue, 11 Oct 2022 01:07:47 +0200
Subject: [PATCH] Add missing admin checks

Fixes #2
---
 main.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/main.py b/main.py
index 848180a..97ac77d 100644
--- a/main.py
+++ b/main.py
@@ -532,6 +532,10 @@ def admin_unban_user(user_id):
 @app.route('/admin/user/new/', methods = ['POST'])
 def admin_new_user():
+ chk, user = _admin_check()
+ if not chk:
+ return user
+
 try:
 name, passwd = request.form['name'], request.form['password']
 if name == '' or passwd == '':
@@ -546,6 +550,10 @@ def admin_new_user():
 @app.route('/admin/user//edit/role/', methods = ['POST'])
 def admin_set_role(user_id):
+ chk, user = _admin_check()
+ if not chk:
+ return user
+
 try:
 role = request.form['role']
 if role not in ('0', '1', '2'):
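Review bot: The guard added at the top of admin_new_user, and repeated in admin_set_role in the next hunk, is still something every admin handler has to remember to call, which is the gap this commit closes for two routes. Enforcing it once and fail-closed would stop the same omission recurring; assuming this is a Flask app, one option is a `@app.before_request` function that runs `_admin_check()` whenever `request.path.startswith('/admin/')` and returns its second value on failure. Separately, `return user` hands back the second tuple element as the response on the failure path, so the name is misleading there; a comment such as `# on failure _admin_check() returns the error response in place of the user` would make that clear. The body of admin_new_user continues past the end of the hunk.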
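Review bot: `user` is bound in admin_set_role but none of the visible lines use it, so the handler may not be recording who changed a role or checking whose role is being changed. If the rest of the body, which lies outside this hunk, does not already do so, consider logging the acting admin together with `user_id` and the new `role`, and deciding explicitly whether an admin may change their own role. The diffstat shows only main.py changed, so a regression test that POSTs to both routes without an admin session and asserts the request is rejected would be worth adding alongside.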