sgr5/leerdoelen_tracker
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Activity

feat: update user access control to allow directors to list school users
All checks were successful
Build & Push / Build & Push image (push) Successful in 40s
Details

Browse Source
This commit is contained in:
Sam Geyskens
2026-03-04 14:14:28 +01:00
parent 5afe297161
commit 187232a95f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/routes/admin.py
View File

@@ -238,7 +238,7 @@ def activate_year(year_id):
@admin_bp.route('/schools/<int:school_id>/users', methods=['GET'])
@login_required
@school_ict_required
@director_or_ict_required
def list_school_users(school_id):
if not current_user.is_scholengroep_ict and current_user.school_id != school_id:
return jsonify({'error': 'Geen toegang tot deze school'}), 403