add some admin privileges to make bootstrapping possible
authorTom Clegg <tom@clinicalfuture.com>
Mon, 28 Jan 2013 21:01:10 +0000 (13:01 -0800)
committerTom Clegg <tom@clinicalfuture.com>
Mon, 28 Jan 2013 21:19:47 +0000 (13:19 -0800)
app/models/orvos_model.rb
app/models/user.rb

index 6601216980fdc7032131fc5fd43a8f084cfb5d8a..74f77b10aced72f09747f664fc0e11867418ec6e 100644 (file)
@@ -32,12 +32,14 @@ class OrvosModel < ActiveRecord::Base
 
   def permission_to_update
     return false unless current_user
+    return true if current_user.is_admin
     if self.owner_changed? and
         self.owner_was != current_user.uuid and
         0 == Link.where(link_class: 'permission',
                         name: 'can_pillage',
                         tail_uuid: self.owner,
                         head_uuid: current_user.uuid).count
+      logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner}"
       return false
     end
     self.owner == current_user.uuid or
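Review bot: The added `return true if current_user.is_admin` exits before the owner-change check, so an ownership transfer made by an admin is the one case that leaves no log line; the new `logger.warn` records only denied attempts. For an audit trail I would log the admin path too, placing `logger.info "Admin #{current_user.uuid} changed owner of #{self.class.to_s} #{self.uuid} from #{self.owner_was} to #{self.owner}" if current_user.is_admin and self.owner_changed?` just above the early return. The warning could also include `self.owner_was`, so the record shows which owner was being displaced. The body of permission_to_update continues past the end of this hunk.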
index a09a44756a64df5393f795d0aadcf777b0232cfe..08663f61d5701fae0dd28cd994c3a2dedbe9ccaa 100644 (file)
@@ -23,9 +23,10 @@ class User < OrvosModel
   protected
 
   def prevent_privilege_escalation
-    if self.is_admin_changed?
+    if self.is_admin_changed? and !current_user.is_admin
       if current_user.uuid == self.uuid
         if self.is_admin != self.is_admin_was
+          logger.warn "User #{self.uuid} tried to change is_admin from #{self.is_admin_was} to #{self.is_admin}"
           self.is_admin = self.is_admin_was
         end
       end
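Review bot: The revert and the new warning still sit inside `if current_user.uuid == self.uuid`, so a non-admin who changes is_admin on a different user's record passes through this callback unreverted and unlogged; whether permission_to_update or another check stops that is not visible here. I would drop the uuid comparison so that any non-admin change is logged and reverted, and name the acting user in the message: `logger.warn "User #{current_user.uuid} tried to change is_admin of #{self.uuid} from #{self.is_admin_was} to #{self.is_admin}"`. The new condition also calls `current_user.is_admin` with no nil guard, unlike permission_to_update's `return false unless current_user`; writing it as `!(current_user and current_user.is_admin)` would treat a missing user as non-admin. The closing lines of prevent_privilege_escalation are outside the hunk.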