From d82835a968907661c16c5832b4487ad6832cdf6e Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Fri, 20 Jan 2023 03:31:51 +0200
Subject: [PATCH] same as last commit

---
 files/routes/admin.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/files/routes/admin.py b/files/routes/admin.py
index 8b8928b2b..fd7667e11 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -246,6 +246,9 @@ def remove_admin(v:User, username):
 
 	user = get_user(username)
 
+	if user.admin_level > v.admin_level:
+		abort(403)
+
 	if user.admin_level:
 		user.admin_level = 0
 		g.db.add(user)
@@ -323,6 +326,9 @@ def distribute(v:User, option_id):
 def revert_actions(v:User, username):
 	revertee = get_user(username)
 
+	if revertee.admin_level > v.admin_level:
+		abort(403)
+
 	ma = ModAction(
 		kind="revert",
 		user_id=v.id,