From 97cad474e5c7447e8e9f8ac6c6ac1a39e64de72b Mon Sep 17 00:00:00 2001 From: Sourav Badami Date: Sun, 23 Jul 2017 20:31:12 +0530 Subject: [PATCH] Fixed #408. (#409) --- website/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/views.py b/website/views.py index ad665c039..96110da0f 100644 --- a/website/views.py +++ b/website/views.py @@ -623,8 +623,8 @@ def post(self, request, *args, **kwargs): def UpdateIssue(request): - if request.method == "POST": - issue = Issue.objects.get(id=request.POST.get('issue_pk')) + issue = Issue.objects.get(id=request.POST.get('issue_pk')) + if request.method == "POST" and request.user.is_superuser or (issue is not None and request.user == issue.user): if request.POST.get('action') == "close": issue.status = "closed" issue.closed_by = request.user