From aa5d84b79e538cf0e29d5589a78f8534bde596bd Mon Sep 17 00:00:00 2001
From: Dave Lawrence
Date: Thu, 2 Apr 2026 10:34:38 +1030
Subject: [PATCH] SACGF/variantgrid_private#3822 - vcauth admin security fixes

- Add allowed_permissions = ['change'] to email_discordance action so only users with User change permission can trigger bulk emails
- Log exceptions server-side and show a generic error message instead of exposing raw exception details (including email addresses) in the admin UI
---
 vcauth/user_admin.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/vcauth/user_admin.py b/vcauth/user_admin.py
index e33ed8326..b55e0c314 100644
--- a/vcauth/user_admin.py
+++ b/vcauth/user_admin.py
@@ -1,8 +1,12 @@
+import logging
+
 from django.contrib import messages
 from django.contrib.auth.admin import UserAdmin
 from classification.views.classification_email_view import send_summary_email_to_user
+logger = logging.getLogger(__name__)
+
 class CustomUserAdmin(UserAdmin):
     def __init__(self, *args, **kwargs):
@@ -19,10 +23,12 @@ def email_discordance(self, request, queryset):
                                   f"Email Server Issue or Emails disabled for sending {user.username} at {user.email} an email",
                                   messages.WARNING)
-            except Exception as ex:
-                self.message_user(request, f"Error {ex} when sending {user.username} at {user.email} an email", messages.ERROR)
+            except Exception:
+                logger.exception("Failed to send summary email to %s", user.username)
+                self.message_user(request, f"Failed to send email to {user.username}. Check server logs.", messages.ERROR)
         self.message_user(request, 'Emailed %i users' % count)
+    email_discordance.allowed_permissions = ['change']
     email_discordance.short_description = "Email weekly summary"
     actions = [email_discordance]
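Review bot: The server-side log line added in the `except Exception` branch records which user the email was for but not which admin triggered the bulk action, which is the detail an incident reviewer will want from an action that is now permission-gated; `logger.exception("Failed to send summary email to %s (action run by %s)", user.username, request.user)` keeps the UI message generic while making the log self-contained. The `messages.WARNING` branch immediately above the change still embeds `user.email` in the admin message, so if the commit's intent is to keep addresses out of the UI rather than only to hide raw exception text, that branch looks inconsistent with the new ERROR message and could use the same `{user.username}`-only wording. The closing `'Emailed %i users' % count` is reported even when the loop hit failures; presumably `count` is only incremented on success, but that is not visible here and a short comment above it saying so would help the next reader. The enclosing `email_discordance` method starts outside this hunk, so the `try`/`count` setup could not be checked.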