summaryrefslogtreecommitdiffstats
path: root/server/api/users.js
diff options
context:
space:
mode:
authorChristian Hofmaier2019-02-25 04:25:08 +0100
committerChristian Hofmaier2019-02-25 04:25:08 +0100
commit7b098c8b969a1d283a94391d9d8050ad0c5a4d13 (patch)
tree82d9f6edbc4503d3419a41626a986c4797478c8d /server/api/users.js
parent[webapp/datatable] improved slim mode (diff)
downloadbas-7b098c8b969a1d283a94391d9d8050ad0c5a4d13.tar.gz
bas-7b098c8b969a1d283a94391d9d8050ad0c5a4d13.tar.xz
bas-7b098c8b969a1d283a94391d9d8050ad0c5a4d13.zip
[permissionmanager] rework for blacklist system
- integrate PM into PM itself - wildcard function for hasPermission()
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/server/api/users.js b/server/api/users.js
index 1a724ac..7963825 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -36,7 +36,11 @@ router.getAsync('/:id', async (req, res) => {
// ############################################################################
// ########################## POST requests #################################
+// Post request for adding roles to users.
router.postAsync('/:id/roles', async (req, res) => {
+ if (!await req.user.hasPermission('permissions.grantrevoke')) {
+ res.status(403).end()
+ }
const id = req.params.id === 'current' ? req.user.id : req.params.id
const user = await db.user.findOne({ where: { id } })
if (user) {