Triplehx3/contentdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix users being able to modify other user's email settings

Browse Source
This commit is contained in:
rubenwardy
2020-12-05 22:24:21 +00:00
parent f6f4fe4fc6
commit 5a2ce15f96
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/blueprints/users/settings.py
View File

@@ -159,6 +159,9 @@ def email_notifications(username=None):
if not user:
abort(404)
if not user.checkPerm(current_user, Permission.CHANGE_EMAIL):
abort(403)
is_new = False
prefs = user.notification_preferences
if prefs is None: