Restrict seeing the email addresses of others to admins only

author: rubenwardy <rw@rubenwardy.com> 2020-07-13 00:34:01 +0100
committer: rubenwardy <rw@rubenwardy.com> 2020-07-13 00:34:05 +0100
commit: a57e06d09b9a0373336bd6bec546d95c794ec4af (patch)
tree: a57d3eb60b8ecd7784636ee81cbf34a0a42126f7
parent: bbc89bb2c2a6b74fb36c04659dfe45e75351c58c (diff)
download: cheatdb-a57e06d09b9a0373336bd6bec546d95c794ec4af.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models.py b/app/models.py
index ade4083..af4b3b2 100644
--- a/app/models.py
+++ b/app/models.py
@@ -200,7 +200,7 @@ class User(db.Model, UserMixin):
 		elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_USERNAMES:
 			return user.rank.atLeast(UserRank.MODERATOR)
 		elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
-			return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
+			return user == self or user.rank.atLeast(UserRank.ADMIN)
 		elif perm == Permission.CREATE_TOKEN:
 			if user == self:
 				return user.rank.atLeast(UserRank.MEMBER)
author	rubenwardy <rw@rubenwardy.com>	2020-07-13 00:34:01 +0100
committer	rubenwardy <rw@rubenwardy.com>	2020-07-13 00:34:05 +0100
commit	a57e06d09b9a0373336bd6bec546d95c794ec4af (patch)
tree	a57d3eb60b8ecd7784636ee81cbf34a0a42126f7
parent	bbc89bb2c2a6b74fb36c04659dfe45e75351c58c (diff)
download	cheatdb-a57e06d09b9a0373336bd6bec546d95c794ec4af.tar.xz