Correct documentation on users allowed to use webhooks

author: rubenwardy <rw@rubenwardy.com> 2020-04-21 19:27:34 +0100
committer: rubenwardy <rw@rubenwardy.com> 2020-04-21 19:27:34 +0100
commit: a678a61c23cd61f11d7c0a570f26e9d333bb9731 (patch)
tree: aab17fbab1456f2d55ff5553f6161c0f05aa7985 /app/blueprints/api/endpoints.py
parent: b5ce0a786a1fac846e3de4e7dfe8ea4a27d81f2b (diff)
download: cheatdb-a678a61c23cd61f11d7c0a570f26e9d333bb9731.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/app/blueprints/api/endpoints.py b/app/blueprints/api/endpoints.py
index 057cb7a..7c7a44a 100644
--- a/app/blueprints/api/endpoints.py
+++ b/app/blueprints/api/endpoints.py
@@ -140,6 +140,9 @@ def markdown():
 @is_package_page
 @is_api_authd
 def create_release(token, package):
+	if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
+		return error(403, "You do not have the permission to approve releases")
+
 	json = request.json
 	if json is None:
 		return error(400, "JSON post data is required")
author	rubenwardy <rw@rubenwardy.com>	2020-04-21 19:27:34 +0100
committer	rubenwardy <rw@rubenwardy.com>	2020-04-21 19:27:34 +0100
commit	a678a61c23cd61f11d7c0a570f26e9d333bb9731 (patch)
tree	aab17fbab1456f2d55ff5553f6161c0f05aa7985 /app/blueprints/api/endpoints.py
parent	b5ce0a786a1fac846e3de4e7dfe8ea4a27d81f2b (diff)
download	cheatdb-a678a61c23cd61f11d7c0a570f26e9d333bb9731.tar.xz