mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-24 10:34:17 +00:00
Add permission check for job deletion.
This commit is contained in:
parent
e1225c95bf
commit
eea0f4635d
@ -20,10 +20,11 @@ def job(job_id):
|
|||||||
@jobs.route('/<int:job_id>/delete')
|
@jobs.route('/<int:job_id>/delete')
|
||||||
@login_required
|
@login_required
|
||||||
def delete_job(job_id):
|
def delete_job(job_id):
|
||||||
delete_thread = threading.Thread(
|
job = Job.query.get_or_404(job_id)
|
||||||
target=background_delete_job,
|
if not (job.creator == current_user or current_user.is_administrator()):
|
||||||
args=(current_app._get_current_object(), job_id)
|
abort(403)
|
||||||
)
|
delete_thread = threading.Thread(target=background_delete_job,
|
||||||
|
args=(current_app, job_id))
|
||||||
delete_thread.start()
|
delete_thread.start()
|
||||||
flash('Job has been deleted!')
|
flash('Job has been deleted!')
|
||||||
return redirect(url_for('main.dashboard'))
|
return redirect(url_for('main.dashboard'))
|
||||||
|
Loading…
Reference in New Issue
Block a user