From 04047a571280e06ff59916e8c95763c7885c6a97 Mon Sep 17 00:00:00 2001
From: martstern <martstern@waifu.club>
Date: Wed, 17 May 2017 09:17:08 -0400
Subject: [PATCH] make admin unable to set own user class, fix missing post
 method

---
 nyaa/routes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nyaa/routes.py b/nyaa/routes.py
index 0502db0..274e4df 100644
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@@ -206,14 +206,14 @@ def home(rss):
                                          rss_filter=rss_query_string)
 
 
-@app.route('/user/<user_name>')
+@app.route('/user/<user_name>', methods=['GET', 'POST'])
 def view_user(user_name):
     user = models.User.by_username(user_name)
 
     if not user:
         flask.abort(404)
 
-    if flask.g.user:
+    if flask.g.user and flask.g.user.id != user.id:
         admin = flask.g.user.is_admin
         superadmin = flask.g.user.is_superadmin
     else: