From a57e06d09b9a0373336bd6bec546d95c794ec4af Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Mon, 13 Jul 2020 00:34:01 +0100
Subject: [PATCH] Restrict seeing the email addresses of others to admins only

---
 app/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models.py b/app/models.py
index ade4083..af4b3b2 100644
--- a/app/models.py
+++ b/app/models.py
@@ -200,7 +200,7 @@ class User(db.Model, UserMixin):
 elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_USERNAMES:
 return user.rank.atLeast(UserRank.MODERATOR)
 elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
- return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
+ return user == self or user.rank.atLeast(UserRank.ADMIN)
 elif perm == Permission.CREATE_TOKEN:
 if user == self:
 return user.rank.atLeast(UserRank.MEMBER)
-- 
2.44.0
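Review bot: The tightened return on the `CHANGE_EMAIL` branch also governs `Permission.CHANGE_PROFILE_URLS`, because both permissions share the one `elif`, so moderators lose profile-URL editing as well, which the commit subject (email visibility only) does not mention. If that side effect is not intended, give profile URLs their own branch that keeps the old rule: `elif perm == Permission.CHANGE_PROFILE_URLS:` followed by `return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))`. The dropped `user.rank.atLeast(self.rank)` comparison is redundant only if `ADMIN` is the highest rank; `UserRank` is not visible here, so that should be confirmed. Since the subject implies this write permission also decides who can see an address, a comment such as `# CHANGE_EMAIL also gates viewing the address: self or admins only` would make the privacy intent explicit. The enclosing method begins and ends outside the hunk.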