From 39f7425cc93022c3c91cf53ee3ec460825c03e05 Mon Sep 17 00:00:00 2001
From: Xevion
Date: Sun, 27 Mar 2022 11:51:17 -0500
Subject: [PATCH] Add administrative bypass to user properties
---
 forms.py | 2 +-
 models.py | 1 +
 routes.py | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/forms.py b/forms.py
index fe33c99..1140dba 100644
--- a/forms.py
+++ b/forms.py
@@ -13,7 +13,7 @@ def edit_profile_post(username):
 user = db.session.query(User).filter_by(username=username).first_or_404()
 # Ignore non
- if current_user.id != user.id:
+ if not user.is_admin and current_user.id != user.id:
 return redirect(url_for('main.user', username=username))
 user.about_me = request.form.get('about-me', user.about_me)
diff --git a/models.py b/models.py
index 9b6f1fd..ec4950c 100644
--- a/models.py
+++ b/models.py
@@ -20,6 +20,7 @@ class User(UserMixin, db.Model):
 time_registered = db.Column(db.DateTime, nullable=False, server_default=func.now())
 last_seen = db.Column(db.DateTime, nullable=False, server_default=func.now())
 last_ip = db.Column(db.String(64), nullable=True)
+ is_admin = db.Column(db.Boolean, default=False)
 posts = db.relationship("Post")
 comments = db.relationship("Comment")
diff --git a/routes.py b/routes.py
index 12f3356..215a29b 100644
--- a/routes.py
+++ b/routes.py
@@ -58,7 +58,7 @@ def user(username: str):
 @login_required
 def edit_user(username: str):
 user = User.query.filter_by(username=username).first_or_404()
- if current_user.id == user.id:
+ if user.is_admin or current_user.id == user.id:
 return render_template('pages/user_edit.html', user=user)
 return redirect(url_for('main.user', username=username))
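Review bot: The new condition in `edit_profile_post` (forms.py) tests `user.is_admin`, which is the account being edited rather than the requester, so the ownership check is skipped whenever the target profile belongs to an administrator, while an administrator still cannot edit anyone else's profile. The check should read the requester's flag: `if not current_user.is_admin and current_user.id != user.id:`. The same inversion is in the `edit_user` hunk of routes.py, which should be `if current_user.is_admin or current_user.id == user.id:`. The decorators of `edit_profile_post` are outside this hunk; if it is not behind `@login_required`, `current_user` may be anonymous and authentication would have to be checked before the flag is read. The function body continues past the hunk.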
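Review bot: `is_admin` in models.py is declared without `nullable=False` and with only a Python-side `default`, unlike the neighbouring `time_registered` and `last_seen` columns, so rows that exist before the column is added, or that are inserted outside the ORM, end up with NULL in a privilege flag. NULL is falsy in the Python checks this commit adds, but a SQL filter such as `is_admin == False` would skip those rows. Consider `is_admin = db.Column(db.Boolean, nullable=False, default=False, server_default=false())` with `false` imported from `sqlalchemy`, plus a migration that backfills existing rows. The class body continues outside the hunk.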