OzzieIsaacs 2017-11-12 19:08:20 +01:00
parent b8d45b664a
commit 01d0083fe6


@ -2141,8 +2141,10 @@ def remove_from_shelf(shelf_id, book_id):
return redirect(url_for('index')) return redirect(url_for('index'))
return "Invalid shelf specified", 400 return "Invalid shelf specified", 400
if not shelf.is_public and not shelf.user_id == int(current_user.id) \ # if shelf is public and use is allowed to edit shelfs, or if shelf is private and user is owner
or (shelf.is_public and current_user.role_edit_shelfs()): # allow editing shelfs
if (not shelf.is_public and not shelf.user_id == int(current_user.id)) \
or not (shelf.is_public and current_user.role_edit_shelfs()):
if not request.is_xhr: if not request.is_xhr:
app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name) app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name)
return redirect(url_for('index')) return redirect(url_for('index'))
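Review bot: The rewritten guard in remove_from_shelf now rejects the owner of a private shelf: when the shelf is private, `shelf.is_public and current_user.role_edit_shelfs()` is always false, so `not (...)` is true and the `or` sends every user, owner included, into the denial branch. The comment added above it states the intended rule (public with the edit role, or private and owner), so it is safer to compute that rule positively and negate it once: `allowed = (shelf.is_public and current_user.role_edit_shelfs()) or (not shelf.is_public and shelf.user_id == int(current_user.id))` followed by `if not allowed:`. An authorization check like this deserves a test for each of the four public/private and permitted/not-permitted combinations, since the removed form erred in the other direction and let users without the edit role through on public shelves. The function body starts and continues outside the hunk.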