From 75ea8025c17c80da8e8adc883972476f0f24a7c2 Mon Sep 17 00:00:00 2001
From: Montana
Date: Tue, 4 Sep 2018 15:21:46 -0400
Subject: [PATCH] Authorization check for edit member post route
---
 atst/routes/workspaces.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/atst/routes/workspaces.py b/atst/routes/workspaces.py
index f3ad9092..3cfb8a46 100644
--- a/atst/routes/workspaces.py
+++ b/atst/routes/workspaces.py
@@ -145,6 +145,12 @@ def view_member(workspace_id, member_id):
 )
 def update_member(workspace_id, member_id):
 workspace = Workspaces.get(g.current_user, workspace_id)
+ Authorization.check_workspace_permission(
+ g.current_user,
+ workspace,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+ "edit this workspace user",
+ )
 member = WorkspaceUsers.get(workspace_id, member_id)
 form = UpdateMemberForm(http_request.form)
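Review bot: The new `Authorization.check_workspace_permission(...)` call in `update_member` arrives without a test (the diffstat lists only atst/routes/workspaces.py), so nothing pins that a POST from a user lacking `Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE` is rejected before `WorkspaceUsers.get` and the `UpdateMemberForm` handling run. A route test that submits the form as a workspace member without that permission and asserts the unauthorized response would stop this guard from being dropped in a later refactor. Because the check is written inline rather than as a decorator or shared helper, a short comment above it would help, for example `# authorize before any member lookup or form processing; keep in sync with view_member` (the subject line suggests the GET route has a matching guard, but that is not visible here). The body of `update_member` continues past the end of the hunk, so whether the submitted role is itself constrained to what the caller may grant cannot be judged from these lines and is worth confirming.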