From e7f7775efa9a12da660e1050d89cf0e936c7a8a2 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 29 Oct 2020 14:52:20 +0100
Subject: [PATCH] Require edit permissions to edit books, even via ajax

---
 cps/editbooks.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cps/editbooks.py b/cps/editbooks.py
index 7f7764e5..4447cfd4 100644
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@@ -930,6 +930,7 @@ def convert_bookformat(book_id):
 
 @editbook.route("/ajax/editbooks/", methods=['POST'])
 @login_required_if_no_ano
+@edit_required
 def edit_list_book(param):
     vals = request.form.to_dict()
     # calibre_db.update_title_sort(config)
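Review bot: The added `@edit_required` on `edit_list_book` looks like the only authorization gate on this POST route when anonymous browsing is enabled, since `@login_required_if_no_ano` (judging by its name) lets unauthenticated sessions through in that mode, yet nothing in the hunk documents or tests that dependency. I would put a comment above the decorators, `# edit_required is the only gate when anonymous browsing is on; keep it on every state-changing route`, and add a regression test asserting that a logged-in user without the edit role is rejected on a POST to this route. The commit changes this one route only; whether the other `/ajax/` and edit handlers in `cps/editbooks.py` carry the same decorator is not visible here and is worth a pass, ideally with a test that enumerates the blueprint's POST routes. The body of `edit_list_book` continues outside the hunk.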