Fix NameError: ADMIN_WRITE_ROUTES renamed to DEMO_BLOCKED_POSTS

before_request handler still referenced old variable name. Updated to use DEMO_BLOCKED_POSTS with simpler path-in-set check. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 05:23:01 -05:00 · 2026-03-26 05:23:01 -05:00 · f0cf69b4bd
commit f0cf69b4bd
parent 9f48a050c8
1 changed files with 4 additions and 5 deletions
--- a/llm_team_ui.py
+++ b/llm_team_ui.py
@ -174,11 +174,10 @@ def security_checks():
    if path.startswith("/static"):
        return

-    # In demo mode, block admin write routes for non-admins
-    if is_demo() and not is_admin():
-        for route, methods in ADMIN_WRITE_ROUTES.items():
-            if path == route and request.method in methods:
-                return jsonify({"error": "demo mode: admin settings are read-only", "demo": True}), 403
+    # In demo mode, block destructive writes for non-admins
+    if is_demo() and not is_admin() and request.method == "POST":
+        if path in DEMO_BLOCKED_POSTS:
+            return jsonify({"error": "demo mode: read-only", "demo": True}), 403


@app.after_request