From da3af2c22ff3cc8734d025089bd00c41ae8f31b3 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Mon, 24 Oct 2022 14:43:39 +0100 Subject: [PATCH] Only allow editors to access user comments page --- app/blueprints/threads/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/blueprints/threads/__init__.py b/app/blueprints/threads/__init__.py index 26cfd77c..72f7ad0e 100644 --- a/app/blueprints/threads/__init__.py +++ b/app/blueprints/threads/__init__.py @@ -23,7 +23,7 @@ bp = Blueprint("threads", __name__) from flask_login import current_user, login_required from app.models import * -from app.utils import addNotification, isYes, addAuditLog, get_system_user +from app.utils import addNotification, isYes, addAuditLog, get_system_user, rank_required from flask_wtf import FlaskForm from wtforms import * from wtforms.validators import * @@ -373,6 +373,7 @@ def new(): @bp.route("/users//comments/") +@rank_required(UserRank.EDITOR) def user_comments(username): user = User.query.filter_by(username=username).first() if user is None: