implement visible authorisation

2021-07-02 16:33:48 +02:00
parent 9f4795b9f1
commit 4ca8660b1d
2 changed files with 8 additions and 0 deletions
--- a/ki/routes.py
+++ b/ki/routes.py
@ -116,6 +116,9 @@ def get_user_profile(user_id):
    if profile is None:
        return make_response({}, 404)

+    if not profile.visible and profile.user.id != g.user.id:
+        return make_response({}, 403)
+
    return make_response({
        "profile": profile.to_dict(),
    })