github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add admin check. (#1716)

Browse Source 
* Add admin check.

* Fix teamId check.
This commit is contained in:
Brian Cao
2022-12-27 15:18:58 -08:00
committed by GitHub
parent c90bd941b5
commit 561cde6e7e
20 changed files with 133 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pages/api/users/[id]/password.ts
View File

@@ -29,12 +29,9 @@ export default async (
const { currentPassword, newPassword } = req.body;
const { id } = req.query;
const {
user: { id: userId, isAdmin },
} = req.auth;
if (req.method === 'POST') {
if (!isAdmin && !(await canUpdateUser(userId, id))) {
if (!(await canUpdateUser(req.auth, id))) {
return unauthorized(res);
}