fix(frontend): Do not allow user w/ ID 1 to disable 'Admin' permission (#965)

2025-09-17 17:24:35 +02:00 · 2021-02-18 20:20:32 -05:00
parent bdb3cb2025
commit 77b2d9ea22
5 changed files with 37 additions and 14 deletions
--- a/server/routes/user/usersettings.ts
+++ b/server/routes/user/usersettings.ts
@@ -266,6 +266,13 @@ userSettingsRoutes.post<
        return next({ status: 404, message: 'User not found.' });
      }

+      if (user.id === 1) {
+        return next({
+          status: 500,
+          message: 'Permissions for user with ID 1 cannot be modified',
+        });
+      }
+
      user.permissions = req.body.permissions;

      await userRepository.save(user);