Skip to content

Fix Account Edit Requirements

Kevin Morris requested to merge kevr/aurweb:fix-account-search-edit into pu

This merge request brings in changes to User.can_edit_user:

  • Now tests for User's credentials (creds.ACCOUNT_EDIT, approved=[user]) AND that the editing request.user.AccountTypeID >= target.AccountTypeID, meaning that users are only allowed to edit targets when they are at least the same AccountType.
  • Restores self edit.
Edited by Kevin Morris

Merge request reports