Fix for #376
This commit is contained in:
parent
b8d45b664a
commit
01d0083fe6
@ -2141,8 +2141,10 @@ def remove_from_shelf(shelf_id, book_id):
|
|||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
return "Invalid shelf specified", 400
|
return "Invalid shelf specified", 400
|
||||||
|
|
||||||
if not shelf.is_public and not shelf.user_id == int(current_user.id) \
|
# if shelf is public and use is allowed to edit shelfs, or if shelf is private and user is owner
|
||||||
or (shelf.is_public and current_user.role_edit_shelfs()):
|
# allow editing shelfs
|
||||||
|
if (not shelf.is_public and not shelf.user_id == int(current_user.id)) \
|
||||||
|
or not (shelf.is_public and current_user.role_edit_shelfs()):
|
||||||
if not request.is_xhr:
|
if not request.is_xhr:
|
||||||
app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name)
|
app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name)
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
|
Loading…
Reference in New Issue
Block a user