summaryrefslogtreecommitdiffstats
path: root/server/api/users.js
diff options
context:
space:
mode:
authorJannik Schönartz2019-02-25 07:53:21 +0100
committerJannik Schönartz2019-02-25 07:53:21 +0100
commitc3f06a43fb1286f211c1475a87dc8b4f6d88948b (patch)
tree8505d2dad3e450b22577408cd678a555beef5be6 /server/api/users.js
parent[webapp/user] Add user management module for creating / deleting user accounts (diff)
parent[permissionmanager] rework for blacklist system (diff)
downloadbas-c3f06a43fb1286f211c1475a87dc8b4f6d88948b.tar.gz
bas-c3f06a43fb1286f211c1475a87dc8b4f6d88948b.tar.xz
bas-c3f06a43fb1286f211c1475a87dc8b4f6d88948b.zip
Merge
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/server/api/users.js b/server/api/users.js
index dc77932..663f88e 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -42,7 +42,11 @@ router.getAsync('/:id', async (req, res) => {
// ############################################################################
// ########################## POST requests #################################
+// Post request for adding roles to users.
router.postAsync('/:id/roles', async (req, res) => {
+ if (!await req.user.hasPermission('permissions.grantrevoke')) {
+ res.status(403).end()
+ }
const id = req.params.id === 'current' ? req.user.id : req.params.id
const user = await db.user.findOne({ where: { id } })
if (user) {