Fix users being able to modify other user's email settings
This commit is contained in:
parent
f6f4fe4fc6
commit
5a2ce15f96
|
@ -159,6 +159,9 @@ def email_notifications(username=None):
|
||||||
if not user:
|
if not user:
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
|
if not user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
||||||
|
abort(403)
|
||||||
|
|
||||||
is_new = False
|
is_new = False
|
||||||
prefs = user.notification_preferences
|
prefs = user.notification_preferences
|
||||||
if prefs is None:
|
if prefs is None:
|
||||||
|
|
Loading…
Reference in New Issue