diff --git a/files/routes/admin.py b/files/routes/admin.py
index b5ff18635..0cbd02957 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -2235,7 +2235,7 @@ def unmark_effortpost(pid, v):
@app.get("/edits/")
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
-@admin_level_required(PERMS['VIEW_EDITS'])
+@auth_required
def view_edits(v, link):
try:
if "p_" in link: obj = get_post(int(link.split("p_")[1]), v=v)
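Review bot: With `@admin_level_required(PERMS['VIEW_EDITS'])` replaced by `@auth_required`, the decorators on `view_edits` no longer say who may call it, and the access rule lives only in a check further down the body. A short docstring would keep the rule visible at the top of the function, for example `"""Edit history of a post or comment; only its author or a user with PERMS['VIEW_EDITS'] may view it (enforced in the body, not by a decorator)."""`. The function body continues outside this hunk.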
@@ -2243,4 +2243,7 @@ def view_edits(v, link):
else: abort(400)
except: abort(400)
+ if v.id != obj.author_id and v.admin_level < PERMS['VIEW_EDITS']:
+ abort(403, "You can't view other people's edits!")
+
return render_template("edits.html", v=v, obj=obj)
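Review bot: The new ownership check at `if v.id != obj.author_id and v.admin_level < PERMS['VIEW_EDITS']:` only yields a 403 because it sits after the `try`; the bare `except: abort(400)` above it would presumably turn an `abort(403)` raised inside that block into a 400. I would pin that with a comment such as `# authorization: keep outside the try above, whose bare except would turn this 403 into a 400`. Separately, a non-author now gets 403 for an id that resolves and 400 for one that does not, which may reveal whether an object exists unless `get_post` and the comment lookup already apply visibility rules for `v`; that is not visible here. A test requesting another user's edits as a non-admin and expecting 403 would guard the rule, since it is no longer enforced by a decorator.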
diff --git a/files/templates/comments.html b/files/templates/comments.html
index 8d192d1ca..a338fe7d9 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -233,7 +233,7 @@
#{{c.id}}
- {% if c.edited_utc and v and v.admin_level >= PERMS['VIEW_EDITS'] %}
+ {% if c.edited_utc and v and (v.id == c.author_id or v.admin_level >= PERMS['VIEW_EDITS']) %}
Edited
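Review bot: The rule `v.id == c.author_id or v.admin_level >= PERMS['VIEW_EDITS']` is now written out three times: here, in the `p.author_id` variant in `files/templates/util/macros.html`, and in `view_edits`. The two template copies only decide whether the "Edited" link is shown. A one-line comment such as `{# display only; access to the edit history is enforced in view_edits #}` would make clear that the route is the enforcement point. Moving the rule into one shared helper on the post and comment objects would keep the copies from drifting apart when the permission changes again. The surrounding template block starts and ends outside this hunk.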
diff --git a/files/templates/util/macros.html b/files/templates/util/macros.html
index c03028dc9..9a7a8935f 100644
--- a/files/templates/util/macros.html
+++ b/files/templates/util/macros.html
@@ -125,7 +125,7 @@
{% endif %}
{% if p.edited_utc %}
- {% if v and v.admin_level >= PERMS['VIEW_EDITS'] %}
+ {% if v and (v.id == p.author_id or v.admin_level >= PERMS['VIEW_EDITS']) %}
Edited {{p.edited_string}}
{% else %}
Edited {{p.edited_string}}