homeburger/agologum
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

allow removal of self permissions, just not the important one
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details

Browse Source
This commit is contained in:
Blitblank
2026-04-22 23:30:25 -05:00
parent 0cda948323
commit be183c6fd3
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/src/Controllers/UsersController.cs
View File

@@ -70,8 +70,7 @@ public class UsersController : ControllerBase {
[HttpDelete("{id}/{permission}")] [HttpDelete("{id}/{permission}")]
public async Task<ActionResult> removePermission(string id, string permission) { public async Task<ActionResult> removePermission(string id, string permission) {
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if(permission == Permission.SensitiveData_Modify) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
if(userId == id) return BadRequest(); // dont allow permission removal of yourself
// get list of permissions of that user // get list of permissions of that user
var user = await service_.GetById(id); var user = await service_.GetById(id);