~edwargix/git.sr.ht: Don't let users edit their own ACL

e113adfd73c1109a54c6ec0c5dc1eee63d034484 — Drew DeVault 7 years ago 8b490a9

Don't let users edit their own ACL

patch browse .tar.gz

1 files changed, 3 insertions(+), 0 deletions(-)

M gitsrht/blueprints/manage.py

M gitsrht/blueprints/manage.py => gitsrht/blueprints/manage.py +3 -0

@@ 110,6 110,9 @@ def settings_access_POST(owner_name, repo_name):
     valid.expect(user,
             "I don't know this user. Have they logged into git.sr.ht before?",
             field="user")
+    valid.expect(user.id != current_user.id,
+            "You can't adjust your own access controls. You always have full read/write access.",
+            field="user")
     if not valid.ok:
         return render_template("settings_access.html",
                 owner=owner, repo=repo, **valid.kwargs)