From a678a61c23cd61f11d7c0a570f26e9d333bb9731 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 21 Apr 2020 19:27:34 +0100
Subject: Correct documentation on users allowed to use webhooks

---
 app/blueprints/api/endpoints.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'app/blueprints/api/endpoints.py')

diff --git a/app/blueprints/api/endpoints.py b/app/blueprints/api/endpoints.py
index 057cb7a..7c7a44a 100644
--- a/app/blueprints/api/endpoints.py
+++ b/app/blueprints/api/endpoints.py
@@ -140,6 +140,9 @@ def markdown():
 @is_package_page
 @is_api_authd
 def create_release(token, package):
+	if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
+		return error(403, "You do not have the permission to approve releases")
+
 	json = request.json
 	if json is None:
 		return error(400, "JSON post data is required")
-- 
cgit v1.2.3