From 91ce9c49fd3d70b40ebe6f4b9ce681ea3ab02534 Mon Sep 17 00:00:00 2001
From: Santo Cariotti <santo@dcariotti.me>
Date: Tue, 27 Sep 2022 17:23:11 +0200
Subject: Fix: staff can upload a model file everywhere

---
 src/routes/model.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/routes/model.rs')

diff --git a/src/routes/model.rs b/src/routes/model.rs
index 5fe75a1..7a98c56 100644
--- a/src/routes/model.rs
+++ b/src/routes/model.rs
@@ -138,7 +138,7 @@ async fn upload_model_file(
         }
     };
 
-    if model.author_id() != claims.user_id {
+    if !(model.author_id() == user.id || user.is_staff.unwrap()) {
         return Err(AppError::Unauthorized);
     }
 
-- 
cgit v1.2.3-71-g8e6c