diff --git a/hiboo/account/templates/account_profiles.html b/hiboo/account/templates/account_profiles.html
index 5166bb120dc0a8b3a5a58ef1e774320f9bb78c7a..308439786864ec2c6518aa77cbe4441de58a346b 100644
--- a/hiboo/account/templates/account_profiles.html
+++ b/hiboo/account/templates/account_profiles.html
@@ -42,7 +42,7 @@
</a>
</li>
{% endif %}
- {% if "delete" in profile.transitions() %}
+ {% if "delete" in profile.transitions(current_user) %}
<li><a href="{{ url_for("profile.start_transition", profile_uuid=profile.uuid, transition="delete") }}"><i class="fa fa-trash"></i> {% trans %}Delete this profile{% endtrans %}</a></li>
{% endif %}
</ul>
diff --git a/hiboo/models.py b/hiboo/models.py
index 0c49c7792a02a978e2fe42e4bffcc46d6473e895..ec22bacd0304276a071fe5ea8d1403bfda42d756 100644
--- a/hiboo/models.py
+++ b/hiboo/models.py
@@ -234,11 +234,11 @@ class Profile(db.Model):
user_uuid=user.uuid,
).filter(cls.status.in_((cls.ACTIVE, cls.BLOCKED, cls.REQUEST)))
- def transitions(self, is_admin=False):
+ def transitions(self, actor):
return {
name: transition for name, transition in Profile.TRANSITIONS.items()
if transition[0] == self.status and not self.transition_step
- and (is_admin or not transition[3])
+ and (actor.is_admin or (self.uuid == actor.uuid and not transition[3]))
}
def transition_delta(self, formatted=False):
diff --git a/hiboo/profile/templates/profile_details.html b/hiboo/profile/templates/profile_details.html
index 03e2ed2c5b8ef036a9000b5e6efa1c5209de8c55..652d979fc5c9fd8a1a9b7d744352a62bcb7ce4c0 100644
--- a/hiboo/profile/templates/profile_details.html
+++ b/hiboo/profile/templates/profile_details.html
@@ -34,7 +34,7 @@
</div>
<div class="box-body">
<dl class="dl-horizontal">
- {% for transition, (_, _, _, _, label) in profile.transitions().items() %}
+ {% for transition, (_, _, _, _, label) in profile.transitions(current_user).items() %}
<dt><a href="{{ url_for("profile.start_transition", profile_uuid=profile.uuid, transition=transition) }}">{{ label | capitalize }}</a></dt>
<dd>{{ label | capitalize }} {% trans %}the profile{% endtrans %}</dd>
{% endfor %}
@@ -57,7 +57,7 @@
{% endblock %}
{% block actions %}
-{% for transition, (_, _, _, _, label) in profile.transitions().items() %}
+{% for transition, (_, _, _, _, label) in profile.transitions(current_user).items() %}
<a href="{{ url_for("profile.start_transition", profile_uuid=profile.uuid, transition=transition) }}" class="btn btn-info">{{ label | capitalize }}</a>
{% endfor %}
{% endblock %}
diff --git a/hiboo/profile/views.py b/hiboo/profile/views.py
index d3c2e630145f07aafd78874ba73a5a50ae92f766..2814a97f0aefed5f07e3a899da539a9b736cc5da 100644
--- a/hiboo/profile/views.py
+++ b/hiboo/profile/views.py
@@ -181,7 +181,7 @@ def action(profile_uuid, action):
@security.confirmation_required("change the profile status")
def start_transition(profile_uuid, transition):
profile = models.Profile.query.get(profile_uuid) or flask.abort(404)
- profile.transitions(flask_login.current_user.is_admin).get(transition) or flask.abort(403)
+ profile.transitions(flask_login.current_user).get(transition) or flask.abort(403)
profile.set_transition(transition, flask_login.current_user)
models.db.session.commit()
flask.flash(_("Profile status change was requested"), "success")