diff options
| author | Drew DeVault <sir@cmpwn.com> | 2018-12-12 20:31:18 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2018-12-12 20:31:18 -0500 |
| commit | e113adfd73c1109a54c6ec0c5dc1eee63d034484 (patch) | |
| tree | e627de44833534059fc5d6843e7671ef30823a9e /gitsrht | |
| parent | 8b490a962167a7ab7642b9d56f720857513f4110 (diff) | |
Don't let users edit their own ACL
Diffstat (limited to 'gitsrht')
| -rw-r--r-- | gitsrht/blueprints/manage.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/gitsrht/blueprints/manage.py b/gitsrht/blueprints/manage.py index d827c22..2542248 100644 --- a/gitsrht/blueprints/manage.py +++ b/gitsrht/blueprints/manage.py @@ -110,6 +110,9 @@ def settings_access_POST(owner_name, repo_name): valid.expect(user, "I don't know this user. Have they logged into git.sr.ht before?", field="user") + valid.expect(user.id != current_user.id, + "You can't adjust your own access controls. You always have full read/write access.", + field="user") if not valid.ok: return render_template("settings_access.html", owner=owner, repo=repo, **valid.kwargs) |