local-it/vikunja-api
Archived
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Make sure to require admin rights when modifying list/namespace users to be consistent with teams

Browse source 
Signed-off-by: kolaente <k@knt.li>
This commit is contained in:
kolaente 2020-08-12 18:20:47 +02:00
parent 5e84ce639f
commit 4a70c81b33
Signed by untrusted user who does not match committer: konrad
GPG key ID: F40E70337AB24C9B
4 changed files with 12 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/models/list_users_rights.go
View file

@ -43,5 +43,5 @@ func (lu *ListUser) canDoListUser(a web.Auth) (bool, error) {
// Get the list and check if the user has write access on it
l := List{ID: lu.ListID}
return l.CanWrite(a)
return l.IsAdmin(a)
}