diff options
author | Drew DeVault <sir@cmpwn.com> | 2018-12-12 20:31:18 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2018-12-12 20:31:18 -0500 |
commit | e113adfd73c1109a54c6ec0c5dc1eee63d034484 (patch) | |
tree | e627de44833534059fc5d6843e7671ef30823a9e /gitsrht | |
parent | 8b490a962167a7ab7642b9d56f720857513f4110 (diff) |
Don't let users edit their own ACL
Diffstat (limited to 'gitsrht')
-rw-r--r-- | gitsrht/blueprints/manage.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/gitsrht/blueprints/manage.py b/gitsrht/blueprints/manage.py index d827c22..2542248 100644 --- a/gitsrht/blueprints/manage.py +++ b/gitsrht/blueprints/manage.py @@ -110,6 +110,9 @@ def settings_access_POST(owner_name, repo_name): valid.expect(user, "I don't know this user. Have they logged into git.sr.ht before?", field="user") + valid.expect(user.id != current_user.id, + "You can't adjust your own access controls. You always have full read/write access.", + field="user") if not valid.ok: return render_template("settings_access.html", owner=owner, repo=repo, **valid.kwargs) |