Skip to content
Snippets Groups Projects
Commit eea0f463 authored by Patrick Jentsch's avatar Patrick Jentsch
Browse files

Add permission check for job deletion.

parent e1225c95
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 4 deletions
app/jobs/views.py
+ 5
4
View file @ eea0f463
...@@ -20,10 +20,11 @@ def job(job_id): ...@@ -20,10 +20,11 @@ def job(job_id):
@jobs.route('/<int:job_id>/delete') @jobs.route('/<int:job_id>/delete')
@login_required @login_required
def delete_job(job_id): def delete_job(job_id):
delete_thread = threading.Thread( job = Job.query.get_or_404(job_id)
target=background_delete_job, if not (job.creator == current_user or current_user.is_administrator()):
args=(current_app._get_current_object(), job_id) abort(403)
) delete_thread = threading.Thread(target=background_delete_job,
args=(current_app, job_id))
delete_thread.start() delete_thread.start()
flash('Job has been deleted!') flash('Job has been deleted!')
return redirect(url_for('main.dashboard')) return redirect(url_for('main.dashboard'))
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment