Fix logical issue in panel_handler

2024-08-30 18:23:09 +00:00 · 2022-08-19 15:14:42 -04:00 · 2022-08-19 15:14:42 -04:00 · f75286e112
commit f75286e112
parent 7a98331b1f
1 changed files with 7 additions and 3 deletions
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -1138,9 +1138,13 @@ class PanelHandler(BaseHandler):
                    )
                    return
            if (
-                self.controller.users.get_user_by_id(user_id)["manager"]
-                != exec_user["user_id"]
-            ) and not exec_user["superuser"]:
+                (
+                    self.controller.users.get_user_by_id(user_id)["manager"]
+                    != exec_user["user_id"]
+                )
+                and not exec_user["superuser"]
+                and str(exec_user["user_id"]) != str(user_id)
+            ):
                self.redirect(
                    "/panel/error?error=Unauthorized access: you cannot edit this user"
                )