Add administrative bypass to user properties

forms.py

@@ -13,7 +13,7 @@ def edit_profile_post(username):
     user = db.session.query(User).filter_by(username=username).first_or_404()
 
     # Ignore non
-    if current_user.id != user.id:
+    if not user.is_admin and current_user.id != user.id:
         return redirect(url_for('main.user', username=username))
 
     user.about_me = request.form.get('about-me', user.about_me)

models.py

@@ -20,6 +20,7 @@ class User(UserMixin, db.Model):
     time_registered = db.Column(db.DateTime, nullable=False, server_default=func.now())
     last_seen = db.Column(db.DateTime, nullable=False, server_default=func.now())
     last_ip = db.Column(db.String(64), nullable=True)
+    is_admin = db.Column(db.Boolean, default=False)
     posts = db.relationship("Post")
     comments = db.relationship("Comment")
 

routes.py

@@ -58,7 +58,7 @@ def user(username: str):
 @login_required
 def edit_user(username: str):
     user = User.query.filter_by(username=username).first_or_404()
-    if current_user.id == user.id:
+    if user.is_admin or current_user.id == user.id:
         return render_template('pages/user_edit.html', user=user)
     return redirect(url_for('main.user', username=username))