non-superuser admins cannot update the permission name and description anymore.

This commit is contained in:
2026-05-16 23:45:28 +02:00
parent 5a27c678b1
commit 38f8584ecf
3 changed files with 7 additions and 4 deletions

View File

@@ -18,7 +18,8 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
# Check permissions
$API = new API();
if (!$API->checkPermissions('admin-access-control-permissions', 'RW', true)) {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API->isSuperuser()) {
echo 'error 401 unauthorized';
exit;
}