X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Fadmin.py;fp=ipsilon%2Fproviders%2Fsaml2%2Fadmin.py;h=c7a0289ff27b87237f78df9f881f3e28c8dfefc0;hp=9d06be1f057b1ae26020214f0a94c8b5fd0dc70e;hb=9dec97c3c83928d231ea10f4160523a13803e594;hpb=39783cb020d8a88785ce1de6f516bf2d69300002

diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 9d06be1..c7a0289 100644
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -307,6 +307,9 @@ class SPAdminPage(AdminPage):
                                   message_type=message_type)
 
     def delete(self):
+        if (not self.user.is_admin and
+                self.user.name != self.sp.owner):
+            raise cherrypy.HTTPError(403)
         self.parent.del_sp(self.sp.name)
         self.sp.permanently_delete()
         return self.parent.root()