More precise permission checking during EditProfile requests.

2020-10-02 22:03:07 +02:00 · 2020-10-02 22:03:07 +02:00 · 0508c99b43
parent bda24247f0
commit 0508c99b43
1 changed files with 3 additions and 1 deletions
--- a/src/main.cr
+++ b/src/main.cr
@ -432,8 +432,10 @@ class AuthD::Service

 			new_profile = request.new_profile

+			profile = user.profile || Hash(String, JSON::Any).new
+
 			@read_only_profile_keys.each do |key|
-				if new_profile.has_key? key
+				if new_profile[key]? != profile[key]?
 					return Response::Error.new "tried to edit read only key"
 				end
 			end