fix(requests): do not fail request edits if acting user lacks Manage Users permission (#2338)

* fix(api): fix requestedBy logic in request edits * fix(frontend): do not display empty advanced request options box * fix(frontend): set max height on modal backdrop
2025-09-17 17:24:35 +02:00 · 2021-12-10 05:14:14 -05:00
parent dc7f959cb4
commit 91bfff71b7
3 changed files with 16 additions and 5 deletions
--- a/server/routes/request.ts
+++ b/server/routes/request.ts
@@ -549,11 +549,11 @@ requestRoutes.put<{ requestId: string }>(
        });
      }

-      let requestUser = req.user;
+      let requestUser = request.requestedBy;

      if (
        req.body.userId &&
-        req.body.userId !== req.user?.id &&
+        req.body.userId !== request.requestedBy.id &&
        !req.user?.hasPermission([
          Permission.MANAGE_USERS,
          Permission.MANAGE_REQUESTS,