Fix permission management when editing/deleting fetches

8 years ago · 21bec865b3
parent 58ec3597ab
commit 21bec865b3
1 changed files with 1 additions and 1 deletions
--- a/admin/freeposte/admin/utils.py
+++ b/admin/freeposte/admin/utils.py
@ -46,6 +46,6 @@ def get_fetch(fetch_id):
    if not fetch:
        flask.abort(404)
    if not fetch.user.domain in flask_login.current_user.get_managed_domains():
-        if not fetch.user == flask_login.current_user:
+        if not fetch.user.email == flask_login.current_user.email:
            flask.abort(403)
    return fetch