Skip to content
Snippets Groups Projects
Commit eea0f463 authored by Patrick Jentsch's avatar Patrick Jentsch
Browse files

Add permission check for job deletion.

parent e1225c95
No related branches found
No related tags found
No related merge requests found
......@@ -20,10 +20,11 @@ def job(job_id):
@jobs.route('/<int:job_id>/delete')
@login_required
def delete_job(job_id):
delete_thread = threading.Thread(
target=background_delete_job,
args=(current_app._get_current_object(), job_id)
)
job = Job.query.get_or_404(job_id)
if not (job.creator == current_user or current_user.is_administrator()):
abort(403)
delete_thread = threading.Thread(target=background_delete_job,
args=(current_app, job_id))
delete_thread.start()
flash('Job has been deleted!')
return redirect(url_for('main.dashboard'))
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment