Diffstat (limited to 'server/src/routes/ui/account/settings.rs')
-rw-r--r--server/src/routes/ui/account/settings.rs8
1 files changed, 7 insertions, 1 deletions
diff --git a/server/src/routes/ui/account/settings.rs b/server/src/routes/ui/account/settings.rs
index 2192d43..90dcf37 100644
--- a/server/src/routes/ui/account/settings.rs
+++ b/server/src/routes/ui/account/settings.rs
@@ -13,7 +13,8 @@ use crate::{
},
uri,
};
-use jellycommon::user::Theme;
+use jellybase::permission::PermissionSetExt;
+use jellycommon::user::{Theme, UserPermission};
use rocket::{
form::{self, validate::len, Contextual, Form},
get,
@@ -95,6 +96,11 @@ pub fn r_account_settings_post(
database: &State<Database>,
form: Form<Contextual<SettingsForm>>,
) -> MyResult<DynLayoutPage<'static>> {
+ session
+ .user
+ .permissions
+ .assert(&UserPermission::ManageSelf)?;
+
let form = match &form.value {
Some(v) => v,
None => return Ok(settings_page(session, Some(Err(format_form_error(form))))),
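Review bot: The new `ManageSelf` check in `r_account_settings_post` reads `session.user.permissions`, and nothing in this hunk shows whether that set is loaded from the database on each request or captured when the session was created; if it is a snapshot, a revoked permission would keep working until the session is rebuilt, so this is worth confirming and noting next to the call. Placing the check ahead of `match &form.value` is right, since a denied user then never reaches form handling or anything further down. I would record that intent above the call, e.g. `// Authorize first: without ManageSelf nothing below may read the form or write settings.` The function body continues past the end of the hunk, so the writes themselves are not visible here; a route test asserting that a user without `ManageSelf` is rejected and the stored settings stay unchanged would pin the behaviour.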