Restrict seeing the email addresses of others to admins only
This commit is contained in:
parent
bbc89bb2c2
commit
a57e06d09b
|
@ -200,7 +200,7 @@ class User(db.Model, UserMixin):
|
||||||
elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_USERNAMES:
|
elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_USERNAMES:
|
||||||
return user.rank.atLeast(UserRank.MODERATOR)
|
return user.rank.atLeast(UserRank.MODERATOR)
|
||||||
elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
|
elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
|
||||||
return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
|
return user == self or user.rank.atLeast(UserRank.ADMIN)
|
||||||
elif perm == Permission.CREATE_TOKEN:
|
elif perm == Permission.CREATE_TOKEN:
|
||||||
if user == self:
|
if user == self:
|
||||||
return user.rank.atLeast(UserRank.MEMBER)
|
return user.rank.atLeast(UserRank.MEMBER)
|
||||||
|
|
Loading…
Reference in New Issue