Respect user enabled flag in admin authentication

2018-04-15 19:53:24 +02:00
parent c8540ddba7
commit e843f7ef1f
1 changed files with 2 additions and 1 deletions
--- a/core/admin/mailu/internal/views.py
+++ b/core/admin/mailu/internal/views.py
@@ -27,7 +27,8 @@ def admin_authentication():
    """ Fails if the user is not an authenticated admin.
    """
    if (not flask_login.current_user.is_anonymous
-        and flask_login.current_user.global_admin):
+        and flask_login.current_user.global_admin
+        and flask_login.current_user.enabled):
        return ""
    return flask.abort(403)