Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/server/api/users.js b/server/api/users.js
index 1a724ac..7963825 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -36,7 +36,11 @@ router.getAsync('/:id', async (req, res) => {
// ############################################################################
// ########################## POST requests #################################
+// Post request for adding roles to users.
router.postAsync('/:id/roles', async (req, res) => {
+ if (!await req.user.hasPermission('permissions.grantrevoke')) {
+ res.status(403).end()
+ }
const id = req.params.id === 'current' ? req.user.id : req.params.id
const user = await db.user.findOne({ where: { id } })
if (user) {
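Review bot: The new permission check does not stop the handler: after `res.status(403).end()` there is no `return`, so execution falls through to the `db.user.findOne` lookup and into `if (user) {`. A caller without `permissions.grantrevoke` would receive a 403, but the role change presumably still runs, and any later write to `res` would hit an already-ended response. Change the branch body to `return res.status(403).end()`. The rest of the handler lies outside this hunk, so the exact effect of the fall-through should be confirmed there. A test that posts as a user without the permission and asserts the target's roles are unchanged would pin this down.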