mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-24 02:24:20 +00:00
Add permission check for job deletion.
This commit is contained in:
parent
e1225c95bf
commit
eea0f4635d
@ -20,10 +20,11 @@ def job(job_id):
|
||||
@jobs.route('/<int:job_id>/delete')
|
||||
@login_required
|
||||
def delete_job(job_id):
|
||||
delete_thread = threading.Thread(
|
||||
target=background_delete_job,
|
||||
args=(current_app._get_current_object(), job_id)
|
||||
)
|
||||
job = Job.query.get_or_404(job_id)
|
||||
if not (job.creator == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
delete_thread = threading.Thread(target=background_delete_job,
|
||||
args=(current_app, job_id))
|
||||
delete_thread.start()
|
||||
flash('Job has been deleted!')
|
||||
return redirect(url_for('main.dashboard'))
|
||||
|
Loading…
Reference in New Issue
Block a user