Closed brilee closed 8 years ago
Problem is fundamentally that flask.ext.login.current_user
is not guaranteed to be an instance of User; is only an instance of UserMixin. So you can't directly call any methods of User...
I moved the can_reset_player_token-related stuff to the profile page, which is by definition restricted to logged-in users.
the permission check from
{% if user.can_reset_player_token(player) %}<tr><td>Token</td><td>{{ player.token }}</td></tr>{% endif %}
is an error whenuser
is an AnonymousUserMixin object, instead of our model-defined User object.{% if not user.is_anonymous and user.can_reset_player_token(player) %}<tr><td>Token</td><td>{{ player.token }}</td></tr>{% endif %}
should fix the issue; needs to be tested.