From b0c9802742cc38a188d1b6efd96a3521391a0ae6 Mon Sep 17 00:00:00 2001
From: gazev
Date: Thu, 14 Nov 2024 02:42:22 +0000
Subject: [PATCH 1/2] fix: update session on role update
---
 app/api/members/routes.py | 8 ++++++--
 app/roles/roles_handler.py | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/app/api/members/routes.py b/app/api/members/routes.py
index 5306e33..4f0aa4a 100644
--- a/app/api/members/routes.py
+++ b/app/api/members/routes.py
@@ -260,7 +260,9 @@ def add_member_role(username):
 roles = member_service.add_member_role(member, **json_data)
 if roles is None:
 throw_api_error(HTTPStatus.NOT_FOUND, {"error": "User already has this role"})
- session['roles'] = roles
+
+ if session.get('username', '') == member.username:
+ session['roles'] = roles
 return roles
@@ -299,6 +301,8 @@ def remove_member_role(username):
 roles = member_service.remove_member_role(member, **json_data)
 if roles is None:
 throw_api_error(HTTPStatus.NOT_FOUND, {"error": "User does not have this role"})
- session['roles'] = roles
+
+ if session.get('username', '') == member.username:
+ session['roles'] = roles
 return roles
diff --git a/app/roles/roles_handler.py b/app/roles/roles_handler.py
index 88f9f76..208c528 100644
--- a/app/roles/roles_handler.py
+++ b/app/roles/roles_handler.py
@@ -42,6 +42,11 @@ def has_permission(self, roles_list: List[str], permission: str):
 def has_higher_level(self, roles_list: List[str], role: str):
 """" Checks whether any role in `roles_list` has higher level than `role`. """
 _, highest_lvl = self._get_highest(roles_list)
+ print(highest_lvl)
+ print(role)
+ print(self._get_role_level(role))
+ if highest_lvl == 0:
+ return True # level 0 has all permissions
 return highest_lvl < self._get_role_level(role) # < instead of <= means we cannot add "horizontally"
 def init_app(self, app: Flask) -> None:
From 0752cff65c519b3c51c528a7903eb250d57e577d Mon Sep 17 00:00:00 2001
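Review bot: The new guard in `add_member_role` (and the identical one in the `remove_member_role` hunk of app/api/members/routes.py) refreshes only the caller's own `session['roles']`, so when the target is a different member, that member's already-open session presumably keeps its old role list. For a removal this would leave a revoked role usable until the member logs in again, assuming authorization reads the cached `session['roles']`; consider loading roles from the member store on each request or invalidating the target's stored sessions when roles change. A smaller point: `session.get('username') == member.username` avoids the `''` default ever matching an empty `member.username`. Both function bodies begin outside their hunks, so the surrounding permission checks are not visible here.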
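Review bot: The three `print(...)` calls added to `has_higher_level` in app/roles/roles_handler.py look like leftover debugging and will write role names and levels to stdout on every level check; remove them or route them through the application's logger at debug level. The new `if highest_lvl == 0: return True` short-circuit is only safe if `_get_highest` can never yield 0 for an empty or unrecognized `roles_list`; that helper is outside the hunk, so this needs confirming, because otherwise a caller with no valid roles would pass every level comparison. The docstring should also state the exception, for example `Level 0 always passes, including against other level-0 roles.`, and the literal `0` would read better as a named constant.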
From: gazev Date: Thu, 14 Nov 2024 02:43:16 +0000 Subject: [PATCH 2/2] fix: add photosdir to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 2a43a3b..2798e1c 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ __pycache__/ data/flask_sessions/ data/logs/ +data/photos/ *.sqlite3 .env