Fix moderators being able to change emails of admins

author: rubenwardy <rw@rubenwardy.com> 2018-05-14 14:46:32 +0100
committer: rubenwardy <rw@rubenwardy.com> 2018-05-14 14:46:32 +0100
commit: 661bb19de7fe9eba830f96d042af20f2255c0bb5 (patch)
tree: 7e6f74105812be75c78e857ecea3344100d72f6e
parent: 4bea3484d15aa159a7aa3eea6ebd7aeb3d9d6f84 (diff)
download: cheatdb-661bb19de7fe9eba830f96d042af20f2255c0bb5.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models.py b/app/models.py
index eaa44e8..d1add6f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -121,7 +121,7 @@ class User(db.Model, UserMixin):
 		elif perm == Permission.CHANGE_RANK:
 			return user.rank.atLeast(UserRank.MODERATOR)
 		elif perm == Permission.CHANGE_EMAIL:
-			return user == self or user.rank.atLeast(UserRank.MODERATOR)
+			return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
 		else:
 			raise Exception("Permission {} is not related to users".format(perm.name))
author	rubenwardy <rw@rubenwardy.com>	2018-05-14 14:46:32 +0100
committer	rubenwardy <rw@rubenwardy.com>	2018-05-14 14:46:32 +0100
commit	661bb19de7fe9eba830f96d042af20f2255c0bb5 (patch)
tree	7e6f74105812be75c78e857ecea3344100d72f6e
parent	4bea3484d15aa159a7aa3eea6ebd7aeb3d9d6f84 (diff)
download	cheatdb-661bb19de7fe9eba830f96d042af20f2255c0bb5.tar.xz