xevion/runnerspace
1
0
Fork 0
mirror of https://github.com/Xevion/runnerspace.git synced 2025-12-08 06:08:19 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add administrative bypass to user properties

Browse Source
This commit is contained in:
Xevion
2022-03-27 11:51:17 -05:00
parent 96b4dba73c
commit 39f7425cc9
3 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
forms.py
View File

@@ -13,7 +13,7 @@ def edit_profile_post(username):
user = db.session.query(User).filter_by(username=username).first_or_404()
# Ignore non
if current_user.id != user.id:
if not user.is_admin and current_user.id != user.id:
return redirect(url_for('main.user', username=username))
user.about_me = request.form.get('about-me', user.about_me)

1
models.py
View File

@@ -20,6 +20,7 @@ class User(UserMixin, db.Model):
time_registered = db.Column(db.DateTime, nullable=False, server_default=func.now())
last_seen = db.Column(db.DateTime, nullable=False, server_default=func.now())
last_ip = db.Column(db.String(64), nullable=True)
is_admin = db.Column(db.Boolean, default=False)
posts = db.relationship("Post")
comments = db.relationship("Comment")

2
routes.py
View File

@@ -58,7 +58,7 @@ def user(username: str):
@login_required
def edit_user(username: str):
user = User.query.filter_by(username=username).first_or_404()
if current_user.id == user.id:
if user.is_admin or current_user.id == user.id:
return render_template('pages/user_edit.html', user=user)
return redirect(url_for('main.user', username=username))