Restrict changing display name to moderator and above

author: rubenwardy <rw@rubenwardy.com> 2018-05-21 22:31:50 +0100
committer: rubenwardy <rw@rubenwardy.com> 2018-05-21 22:31:50 +0100
commit: 4841c66602b0fdc35a78d6335583fd1d8f3e1dad (patch)
tree: 0bc553ae0a0030ea16f799d3d23c8a057144d529 /app/views
parent: 0a72a38dd0fa380afa85d8176ccf0ed60d7d237d (diff)
download: cheatdb-4841c66602b0fdc35a78d6335583fd1d8f3e1dad.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/app/views/users.py b/app/views/users.py
index dda53cd..c2460e1 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -50,14 +50,16 @@ def user_profile_page(username):
 		abort(404)
 
 	form = None
-	if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK):
+	if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
+			user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
+			user.checkPerm(current_user, Permission.CHANGE_RANK):
 		# Initialize form
 		form = UserProfileForm(formdata=request.form, obj=user)
 
 		# Process valid POST
 		if request.method=="POST" and form.validate():
 			# Copy form fields to user_profile fields
-			if user == current_user:
+			if user.checkPerm(current_user, Permission.CHANGE_DNAME):
 				user.display_name = form["display_name"].data
 
 			if user.checkPerm(current_user, Permission.CHANGE_RANK):
author	rubenwardy <rw@rubenwardy.com>	2018-05-21 22:31:50 +0100
committer	rubenwardy <rw@rubenwardy.com>	2018-05-21 22:31:50 +0100
commit	4841c66602b0fdc35a78d6335583fd1d8f3e1dad (patch)
tree	0bc553ae0a0030ea16f799d3d23c8a057144d529 /app/views
parent	0a72a38dd0fa380afa85d8176ccf0ed60d7d237d (diff)
download	cheatdb-4841c66602b0fdc35a78d6335583fd1d8f3e1dad.tar.xz