From: rubenwardy <rw@rubenwardy.com>
Date: Sun, 12 Jul 2020 23:34:01 +0000 (+0100)
Subject: Restrict seeing the email addresses of others to admins only
X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=a57e06d09b9a0373336bd6bec546d95c794ec4af;p=cheatdb.git

Restrict seeing the email addresses of others to admins only
---

diff --git a/app/models.py b/app/models.py
index ade4083..af4b3b2 100644
--- a/app/models.py
+++ b/app/models.py
@@ -200,7 +200,7 @@ class User(db.Model, UserMixin):
 		elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_USERNAMES:
 			return user.rank.atLeast(UserRank.MODERATOR)
 		elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
-			return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
+			return user == self or user.rank.atLeast(UserRank.ADMIN)
 		elif perm == Permission.CREATE_TOKEN:
 			if user == self:
 				return user.rank.atLeast(UserRank.MEMBER)