xevion/runnerspace
1
0
Fork 0
mirror of https://github.com/Xevion/runnerspace.git synced 2025-12-06 21:16:21 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix administrator override

Browse Source
This commit is contained in:
Xevion
2022-03-27 13:19:10 -05:00
parent 4704bd5c6e
commit 8188ce5484
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
forms.py
View File

@@ -13,7 +13,7 @@ def edit_profile_post(username):
user = db.session.query(User).filter_by(username=username).first_or_404() user = db.session.query(User).filter_by(username=username).first_or_404()
# Ignore non # Ignore non
if not user.is_admin and current_user.id != user.id: if not current_user.is_admin and current_user.id != user.id:
return redirect(url_for('main.user', username=username)) return redirect(url_for('main.user', username=username))
user.about_me = request.form.get('about-me', user.about_me) user.about_me = request.form.get('about-me', user.about_me)

2
routes.py
View File

@@ -63,7 +63,7 @@ def user(username: str):
@login_required @login_required
def edit_user(username: str): def edit_user(username: str):
user = User.query.filter_by(username=username).first_or_404() user = User.query.filter_by(username=username).first_or_404()
if user.is_admin or current_user.id == user.id: if current_user.is_admin or current_user.id == user.id:
return render_template('pages/user_edit.html', user=user) return render_template('pages/user_edit.html', user=user)
return redirect(url_for('main.user', username=username)) return redirect(url_for('main.user', username=username))