non-superuser admins cannot update the permission name and description anymore.
This commit is contained in:
@@ -47,8 +47,10 @@ if ($API_permissions->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_permissions->request_method === 'PUT') {
|
||||
|
||||
# Update the permission name and description
|
||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
|
||||
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||
if (!$API_permissions->isSuperuser()) {
|
||||
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||
}
|
||||
|
||||
$requiredFields = [
|
||||
'permission_uuid' => ['type' => 'uuid'],
|
||||
|
||||
Reference in New Issue
Block a user