#400 add defanged_admin config to allow disabling of risky actions

2018-04-22 18:49:15 +01:00
parent f1d546deea
commit 75a199690c
3 changed files with 5 additions and 4 deletions
--- a/lib/App/Netdisco/Web/AdminTask.pm
+++ b/lib/App/Netdisco/Web/AdminTask.pm
@@ -44,7 +44,7 @@ foreach my $action (@{ setting('job_prio')->{high} },
    };
 }

-ajax qr{/ajax/control/admin/(?:\w+/)?delete} => require_role admin => sub {
+ajax qr{/ajax/control/admin/(?:\w+/)?delete} => require_role setting('defanged_admin') => sub {
    send_error('Missing device', 400) unless param('device');

    my $device = NetAddr::IP->new(param('device'));