From 661bb19de7fe9eba830f96d042af20f2255c0bb5 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Mon, 14 May 2018 14:46:32 +0100
Subject: [PATCH] Fix moderators being able to change emails of admins

---
 app/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models.py b/app/models.py
index eaa44e8..d1add6f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -121,7 +121,7 @@ class User(db.Model, UserMixin):
 		elif perm == Permission.CHANGE_RANK:
 			return user.rank.atLeast(UserRank.MODERATOR)
 		elif perm == Permission.CHANGE_EMAIL:
-			return user == self or user.rank.atLeast(UserRank.MODERATOR)
+			return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
 		else:
 			raise Exception("Permission {} is not related to users".format(perm.name))