From c02926d6b47a1c2d6c159c5cc5b0612cc1786c83 Mon Sep 17 00:00:00 2001 From: aranzaiger Date: Mon, 29 Jun 2015 17:58:12 +0300 Subject: [PATCH] only lecturer can join other campus --- SE_API/CampusRoutes.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SE_API/CampusRoutes.py b/SE_API/CampusRoutes.py index 40ec281..c32d172 100644 --- a/SE_API/CampusRoutes.py +++ b/SE_API/CampusRoutes.py @@ -118,9 +118,10 @@ def joinCampus(token, campusId): 403 - Invalid token or not a lecturer """ + if not is_lecturer(token): + return forbidden("Invalid token or not a lecturer!") + user = get_user_by_token(token) - if user is None: - return bad_request("Wrong user Token") campus = Campus.get_by_id(int(campusId)) if campus is None: