Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug where non-superusers could not edit their own API keys

Browse Source
This commit is contained in:
xithical 2022-06-18 16:27:06 -05:00
parent 31097da971
commit 8b6d70ba9a
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/classes/web/panel_handler.py
View File

@ -1058,7 +1058,11 @@ class PanelHandler(BaseHandler):
if user_id is None:
self.redirect("/panel/error?error=Invalid User ID")
return
if str(user_id) != str(exec_user["user_id"]) or not exec_user["superuser"]:
if int(user_id) != exec_user["user_id"] and not exec_user["superuser"]:
print(f"{user_id} {type(user_id)}")
print(f"{exec_user['user_id']} {type(exec_user['user_id'])}")
print(int(user_id) != exec_user["user_id"])
print((int(user_id) != exec_user["user_id"]) or (not exec_user["superuser"]))
self.redirect(
"/panel/error?error=You are not authorized to view this page."
)