diff options
| author | Santo Cariotti <santo@dcariotti.me> | 2022-09-27 15:23:11 +0000 |
|---|---|---|
| committer | Santo Cariotti <santo@dcariotti.me> | 2022-09-27 15:23:11 +0000 |
| commit | 91ce9c49fd3d70b40ebe6f4b9ce681ea3ab02534 (patch) | |
| tree | 5220be55b39052ba06ff1d8a58a6447eb1a13291 /src/routes | |
| parent | 5ab3b9a4b9a725ac52847d77443cb12c1a73899d (diff) | |
Fix: staff can upload a model file everywhere
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/model.rs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/routes/model.rs b/src/routes/model.rs index 5fe75a1..7a98c56 100644 --- a/src/routes/model.rs +++ b/src/routes/model.rs @@ -138,7 +138,7 @@ async fn upload_model_file( } }; - if model.author_id() != claims.user_id { + if !(model.author_id() == user.id || user.is_staff.unwrap()) { return Err(AppError::Unauthorized); } |