Reduce access restrictions on user list

This commit is contained in:
rubenwardy 2018-05-23 18:42:59 +01:00
parent 5c13200429
commit da33b10612
No known key found for this signature in database
GPG Key ID: A1E29D52FF81513C
2 changed files with 2 additions and 1 deletions

@ -59,6 +59,7 @@
</li> </li>
{% if current_user.canAccessTodoList() %} {% if current_user.canAccessTodoList() %}
<li><a href="{{ url_for('todo_page') }}">Work Queue</a></li> <li><a href="{{ url_for('todo_page') }}">Work Queue</a></li>
<li><a href="{{ url_for('user_list_page') }}">User list</a></li>
{% endif %} {% endif %}
{% if current_user.rank == current_user.rank.ADMIN %} {% if current_user.rank == current_user.rank.ADMIN %}
<li><a href="{{ url_for('admin_page') }}">Admin</a></li> <li><a href="{{ url_for('admin_page') }}">Admin</a></li>

@ -37,7 +37,7 @@ class UserProfileForm(FlaskForm):
submit = SubmitField("Save") submit = SubmitField("Save")
@app.route("/users/", methods=["GET"]) @app.route("/users/", methods=["GET"])
@rank_required(UserRank.MODERATOR) @login_required
def user_list_page(): def user_list_page():
users = User.query.order_by(db.asc(User.rank), db.asc(User.display_name)).all() users = User.query.order_by(db.asc(User.rank), db.asc(User.display_name)).all()
return render_template("users/list.html", users=users) return render_template("users/list.html", users=users)