pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Authorization check for edit member post route

Browse Source
This commit is contained in:
Montana 2018-09-04 15:21:46 -04:00
parent 1808acd5f4
commit 75ea8025c1
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
atst/routes/workspaces.py
View File

@ -145,6 +145,12 @@ def view_member(workspace_id, member_id):
) )
def update_member(workspace_id, member_id): def update_member(workspace_id, member_id):
workspace = Workspaces.get(g.current_user, workspace_id) workspace = Workspaces.get(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id) member = WorkspaceUsers.get(workspace_id, member_id)
form = UpdateMemberForm(http_request.form) form = UpdateMemberForm(http_request.form)