Yadciel/Titan
1
0
Fork 0
mirror of https://github.com/TitanEmbeds/Titan.git synced 2025-11-04 07:47:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check user permissions when accepting a post request for administrating guilds

Browse Source
This commit is contained in:
Jeremy Zhang
2017-09-13 21:51:32 +00:00
parent 1a6a8b3727
commit cedceabe2e
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webapp/titanembeds/blueprints/user/user.py
View File

@@ -223,6 +223,8 @@ def update_administrate_guild(guild_id):
db_guild = db.session.query(Guilds).filter(Guilds.guild_id == guild_id).first() db_guild = db.session.query(Guilds).filter(Guilds.guild_id == guild_id).first()
if not db_guild: if not db_guild:
abort(400) abort(400)
if not check_user_permission(guild_id, 5):
abort(403)
db_guild.unauth_users = request.form.get("unauth_users", db_guild.unauth_users) in ["true", True] db_guild.unauth_users = request.form.get("unauth_users", db_guild.unauth_users) in ["true", True]
db_guild.visitor_view = request.form.get("visitor_view", db_guild.visitor_view) in ["true", True] db_guild.visitor_view = request.form.get("visitor_view", db_guild.visitor_view) in ["true", True]
db_guild.webhook_messages = request.form.get("webhook_messages", db_guild.webhook_messages) in ["true", True] db_guild.webhook_messages = request.form.get("webhook_messages", db_guild.webhook_messages) in ["true", True]