only admins can change rightslevel

2018-05-31 17:27:05 +02:00 · 2018-05-31 17:27:05 +02:00 · 7acc562b53
commit 7acc562b53
parent 717248bc73
2 changed files with 21 additions and 13 deletions
--- a/pandora/user/views.py
+++ b/pandora/user/views.py
@ -362,7 +362,7 @@ def editUser(request, data):
            response = json_response(status=403, text='email already in use')
            return render_to_json_response(response)
        user.email = data['email']
-    if 'level' in data:
+    if 'level' in data and request.user.profile.get_level() == 'admin':
        profile.set_level(data['level'])
    if 'notes' in data:
        profile.notes = data['notes']