aboutsummaryrefslogtreecommitdiff
path: root/app/views/api.py
diff options
context:
space:
mode:
Diffstat (limited to 'app/views/api.py')
-rw-r--r--app/views/api.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/app/views/api.py b/app/views/api.py
index 04f58d6..0c1fc0e 100644
--- a/app/views/api.py
+++ b/app/views/api.py
@@ -46,7 +46,7 @@ def api_topics_page():
@app.route("/api/topic_discard/", methods=["POST"])
-@rank_required(UserRank.EDITOR)
+@login_required
def topic_set_discard():
tid = request.args.get("tid")
discard = request.args.get("discard")
@@ -54,6 +54,9 @@ def topic_set_discard():
abort(400)
topic = ForumTopic.query.get(tid)
+ if not topic.checkPerm(current_user, Permission.TOPIC_DISCARD):
+ abort(403)
+
topic.discarded = discard == "true"
db.session.commit()
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-01 14:59:06 +0000