non-superuser admins cannot update the permission name and description anymore.

This commit is contained in:
2026-05-16 23:45:28 +02:00
parent 5a27c678b1
commit 38f8584ecf
3 changed files with 7 additions and 4 deletions

View File

@@ -47,8 +47,10 @@ if ($API_permissions->request_method === 'GET') {
} elseif ($API_permissions->request_method === 'PUT') {
# Update the permission name and description
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$requiredFields = [
'permission_uuid' => ['type' => 'uuid'],