From 67dd626c65b7ae79a21ee9322d1946121078130f Mon Sep 17 00:00:00 2001 From: Khanh Ngo Date: Tue, 4 Sep 2018 17:58:13 +0700 Subject: [PATCH] Fix the user role checking in History routes --- app/templates/admin_history.html | 2 +- app/views.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/templates/admin_history.html b/app/templates/admin_history.html index 82f555b..07609ef 100644 --- a/app/templates/admin_history.html +++ b/app/templates/admin_history.html @@ -23,7 +23,7 @@

History Management

-
diff --git a/app/views.py b/app/views.py index aeb82e9..da0bb6a 100644 --- a/app/views.py +++ b/app/views.py @@ -1324,7 +1324,7 @@ def admin_manageaccount(): @operator_role_required def admin_history(): if request.method == 'POST': - if current_user.role != 'Administrator': + if current_user.role.name != 'Administrator': return make_response(jsonify( { 'status': 'error', 'msg': 'You do not have permission to remove history.' } ), 401) h = History()