Fix: fail with 403 when user not allowed to archive query.

2024-11-07 01:25:16 +00:00 · 2015-01-25 17:30:10 +02:00 · 2015-01-25 17:30:10 +02:00 · febf9939c8
commit febf9939c8
parent cddc00e2cc
1 changed files with 1 additions and 1 deletions
--- a/redash/controllers.py
+++ b/redash/controllers.py
@ -349,7 +349,7 @@ class QueryAPI(BaseResource):
            if q.user.id == self.current_user.id or self.current_user.has_permission('admin'):
                q.archive()
            else:
-                self.delete_others_query(query_id)
+                abort(403)
        else:
            abort(404, message="Query not found.")