Prevent editting of non-editable fields

2025-12-17 22:14:25 +01:00 · 2020-08-17 01:56:02 -04:00
parent 7601a52c3b
commit 0f38e8d07f
1 changed files with 6 additions and 0 deletions
--- a/CTFd/schemas/users.py
+++ b/CTFd/schemas/users.py
@@ -221,10 +221,16 @@ class UserSchema(ma.ModelSchema):
                # # Check that we have an existing field for this. May be unnecessary b/c the foriegn key should enforce
                field = Fields.query.filter_by(id=field_id).first_or_404()

+                if field.editable is False:
+                    raise ValidationError(
+                        f"Field {field.name} cannot be editted", field_names=["fields"]
+                    )
+
                # Get the existing field entry if one exists
                entry = FieldEntries.query.filter_by(
                    field_id=field.id, user_id=current_user.id
                ).first()
+
                if entry:
                    f["id"] = entry.id