From 0cda948323caf0dee9cab8230b8717bef1735315 Mon Sep 17 00:00:00 2001
From: Blitblank <pmcgeee03@gmail.com>
Date: Wed, 22 Apr 2026 23:27:31 -0500
Subject: [PATCH] do the same to delete

---
 api/src/Controllers/UsersController.cs | 2 +-
 client/src/api/UsersApi.ts             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/Controllers/UsersController.cs b/api/src/Controllers/UsersController.cs
index 5adafb7..b29e0fc 100644
--- a/api/src/Controllers/UsersController.cs
+++ b/api/src/Controllers/UsersController.cs
@@ -67,7 +67,7 @@ public class UsersController : ControllerBase {
     }
 
     [Authorize(Policy = Permission.SensitiveData_Modify)]
-    [HttpDelete("{id}/permission")]
+    [HttpDelete("{id}/{permission}")]
     public async Task<ActionResult> removePermission(string id, string permission) {
 
         var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
diff --git a/client/src/api/UsersApi.ts b/client/src/api/UsersApi.ts
index f657a79..54252b2 100644
--- a/client/src/api/UsersApi.ts
+++ b/client/src/api/UsersApi.ts
@@ -10,6 +10,6 @@ export const getUser = (id: string) => api.get<UserDto>(`${API_URL}/${id}`);
 
 export const deleteUser = (id: string) => api.delete<UserDto>(`${API_URL}/${id}`);
 
-export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/permission`)
+export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/${permission}`)
 
 export const addPermission = (id: string, permission: string) => api.post(`${API_URL}/${id}/${permission}`)