Fix Account Edit Requirements (!369) · Merge requests · Arch Linux / aurweb · GitLab

Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.

Kevin Morris requested to merge kevr/aurweb:fix-account-search-edit into pu Dec 27, 2021

This merge request brings in changes to User.can_edit_user:

Now tests for User's credentials (creds.ACCOUNT_EDIT, approved=[user]) AND that the editing request.user.AccountTypeID >= target.AccountTypeID, meaning that users are only allowed to edit targets when they are at least the same AccountType.
Restores self edit.

Edited Dec 28, 2021 by Kevin Morris