From 89648a83dd009d1d37c7529c32cd1f259e39f189 Mon Sep 17 00:00:00 2001
From: Son
Date: Mon, 8 Nov 2021 11:22:54 +0100
Subject: [PATCH] fix case /mailbox/confirm_change is called in unauthorized user
---
 app/dashboard/views/mailbox_detail.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/dashboard/views/mailbox_detail.py b/app/dashboard/views/mailbox_detail.py
index ab7a2acb..0d564a11 100644
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@@ -263,7 +263,8 @@ def mailbox_confirm_change_route():
 # new_email can be None if user cancels change in the meantime
 if mailbox and mailbox.new_email:
- if Mailbox.get_by(email=mailbox.new_email, user_id=current_user.id):
+ user = mailbox.user
+ if Mailbox.get_by(email=mailbox.new_email, user_id=user.id):
 flash(f"{mailbox.new_email} is already used", "error")
 return redirect(
 url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox.id)
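Review bot: Nothing at `user = mailbox.user` says why the owner is taken from the mailbox rather than `current_user`, so a later cleanup could put `current_user.id` back and break the route again for callers without a session; I would add a comment such as `# reachable without login: use the mailbox owner, not current_user`. With this choice the only thing tying the request to an account is however `mailbox` was looked up earlier in `mailbox_confirm_change_route`, which is outside this hunk, so it is worth confirming that lookup relies on a verified, expiring token. The error branch still redirects to `dashboard.mailbox_detail_route`, which presumably requires login, so an anonymous caller may be bounced to the login page with the flashed address shown there; check that this is intended. The function body starts and ends outside the hunk.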