forms.py

@@ -13,6 +13,7 @@ async def invite_user(request):
 	"""Allows an admin to invite a new user."""
 	if not request['session']['admin']:
 		return {'main': "You do not have permission to do that."}
+
 	data = await request.post()
 	email = data.get('email')
 
@@ -26,8 +27,6 @@ async def invite_user(request):
 
 async def change_user_perms(request):
 	"""Allows an admin to change user permissions."""
-	if not request['session']['admin']:
-		return {'main': "You do not have permission to do that."}
 	data = await request.post()
 	data = json.loads(data['perms'])
 
@@ -53,8 +52,6 @@ async def change_user_perms(request):
 
 async def new_app(request):
 	"""Allows an admin to add a new app to be managed by Buckler."""
-	if not request['session']['admin']:
-		return {'main': "You do not have permission to do that."}
 	data = await request.post()
 	app_name = data.get('app_name')
 	app_url = data.get('app_url')

static/buckler.js

@@ -15,10 +15,8 @@ function load() {
 			}
 		});
 	});
-	if (user_perms) {
 	document.querySelector('#user_perm_form').addEventListener('submit', submit_user_perms);
 }
-}
 
 function submit_user_perms(event) {
 	event.preventDefault();

templates/index.html

@@ -4,7 +4,7 @@
 		<title>Buckler</title>
 		<link rel="stylesheet" type="text/css" href="/static/buckler.css">
 		<script>
-			var user_perms = {% if request['session']['admin'] %}{{ user_perms_json|safe }}{% else %}null{% endif %};
+			var user_perms = {{ user_perms_json|safe }};
 		</script>
 		<script type="text/javascript" src="/static/buckler.js"></script>
 		<script>window.onload = load;</script>