Allow users to discard their own topics

author: rubenwardy <rw@rubenwardy.com> 2018-12-25 17:51:29 +0000
committer: rubenwardy <rw@rubenwardy.com> 2018-12-25 17:51:29 +0000
commit: 09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9 (patch)
tree: 6a79e990698c72053a396456f04ed8b7af0d4981 /app/views/api.py
parent: c726f56b3edbc2b97b82b777bada83a2097acb80 (diff)
download: cheatdb-09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/app/views/api.py b/app/views/api.py
index 04f58d6..0c1fc0e 100644
--- a/app/views/api.py
+++ b/app/views/api.py
@@ -46,7 +46,7 @@ def api_topics_page():
 
 
 @app.route("/api/topic_discard/", methods=["POST"])
-@rank_required(UserRank.EDITOR)
+@login_required
 def topic_set_discard():
 	tid = request.args.get("tid")
 	discard = request.args.get("discard")
@@ -54,6 +54,9 @@ def topic_set_discard():
 		abort(400)
 
 	topic = ForumTopic.query.get(tid)
+	if not topic.checkPerm(current_user, Permission.TOPIC_DISCARD):
+		abort(403)
+
 	topic.discarded = discard == "true"
 	db.session.commit()
author	rubenwardy <rw@rubenwardy.com>	2018-12-25 17:51:29 +0000
committer	rubenwardy <rw@rubenwardy.com>	2018-12-25 17:51:29 +0000
commit	09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9 (patch)
tree	6a79e990698c72053a396456f04ed8b7af0d4981 /app/views/api.py
parent	c726f56b3edbc2b97b82b777bada83a2097acb80 (diff)
download	cheatdb-09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9.tar.xz