Fix:Updating root user #3366

2025-01-22 00:07:52 +01:00 · 2024-09-02 16:12:57 -05:00 · 2024-09-02 16:12:57 -05:00 · 60e348fcc1
commit 60e348fcc1
parent f194c5be0e
1 changed files with 4 additions and 1 deletions
--- a/server/controllers/UserController.js
+++ b/server/controllers/UserController.js
@ -205,9 +205,12 @@ class UserController {
  async update(req, res) {
    const user = req.reqUser

-    if (user.type === 'root' && !req.user.isRoot) {
+    if (user.isRoot && !req.user.isRoot) {
      Logger.error(`[UserController] Admin user "${req.user.username}" attempted to update root user`)
      return res.sendStatus(403)
+    } else if (user.isRoot) {
+      // Root user cannot update type
+      delete req.body.type
    }

    const updatePayload = req.body