From 23fd613d8f7fe572c11b8c663cb4a6cc1674a385 Mon Sep 17 00:00:00 2001
From: Xevion <xevioni@yandex.com>
Date: Sun, 27 Mar 2022 09:39:51 -0500
Subject: [PATCH] Add login checks for user_edit form page viewing

---
 routes.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/routes.py b/routes.py
index 7ff5488..86154dd 100644
--- a/routes.py
+++ b/routes.py
@@ -1,5 +1,5 @@
-from flask import Blueprint, render_template
-from flask_login import login_required
+from flask import Blueprint, redirect, render_template, url_for
+from flask_login import current_user, login_required
 
 from .models import User
 
@@ -43,10 +43,13 @@ def user(username: str):
     return render_template('pages/user.html', user=user)
 
 
-@blueprint.route('/user/<username>/edit')
+@blueprint.route('/user/<username>/edit', methods=['GET'])
 @login_required
 def edit_user(username: str):
-    return render_template('pages/user_edit.html')
+    user = User.query.filter_by(username=username).first_or_404()
+    if current_user.id == user.id:
+        return render_template('pages/user_edit.html', user=user)
+    return redirect(url_for('main.user', username=username))
 
 
 @blueprint.route('/blogs')