Prevent user from updating his own role (#2115)

GladysAssistant · Sep 13, 2024 · 344ad9b · 344ad9b
1 parent 269d31a
commit 344ad9b
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/server/api/controllers/user.controller.js b/server/api/controllers/user.controller.js
@@ -131,6 +131,7 @@ module.exports = function UserController(gladys) {
    * @apiGroup User
    */
   async function updateMySelf(req, res, next) {
+    delete req.body.role;
     const newUser = await gladys.user.update(req.user.id, req.body);
     res.json(newUser);
   }