Respect user enabled flag in admin authentication

6 years ago · c688970b32
parent 49b17d31be
commit c688970b32
1 changed files with 2 additions and 1 deletions
--- a/core/admin/mailu/internal/views.py
+++ b/core/admin/mailu/internal/views.py
@ -27,7 +27,8 @@ def admin_authentication():
    """ Fails if the user is not an authenticated admin.
    """
    if (not flask_login.current_user.is_anonymous
-        and flask_login.current_user.global_admin):
+        and flask_login.current_user.global_admin
+        and flask_login.current_user.enabled):
        return ""
    return flask.abort(403)