From 7b098c8b969a1d283a94391d9d8050ad0c5a4d13 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Mon, 25 Feb 2019 03:25:08 +0000 Subject: [permissionmanager] rework for blacklist system - integrate PM into PM itself - wildcard function for hasPermission() --- server/api/users.js | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'server/api/users.js') diff --git a/server/api/users.js b/server/api/users.js index 1a724ac..7963825 100644 --- a/server/api/users.js +++ b/server/api/users.js @@ -36,7 +36,11 @@ router.getAsync('/:id', async (req, res) => { // ############################################################################ // ########################## POST requests ################################# +// Post request for adding roles to users. router.postAsync('/:id/roles', async (req, res) => { + if (!await req.user.hasPermission('permissions.grantrevoke')) { + res.status(403).end() + } const id = req.params.id === 'current' ? req.user.id : req.params.id const user = await db.user.findOne({ where: { id } }) if (user) { -- cgit v1.2.3-55-g7522