Restrict delete user API endpoint to MT+ level (CC-67)

pull/47/head
HardiReady 2018-10-20 22:52:45 +02:00
parent ac83629824
commit 2c996a14e2
1 changed files with 2 additions and 1 deletions

View File

@ -9,6 +9,7 @@ const codes = require('./http-codes');
const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl; const checkHl = require('../middleware/permission-check').checkHl;
const checkMT = require('../middleware/permission-check').checkMT;
const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo'); const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');
const filterHandlerCreator = require('../middleware/filter-handler-mongo'); const filterHandlerCreator = require('../middleware/filter-handler-mongo');
@ -180,7 +181,7 @@ users.route('/:id')
}); });
}) })
.delete(apiAuthenticationMiddleware, checkHl, (req, res, next) => { .delete(apiAuthenticationMiddleware, checkMT, (req, res, next) => {
UserModel.findByIdAndRemove(req.params.id, (err, item) => { UserModel.findByIdAndRemove(req.params.id, (err, item) => {
if (err) { if (err) {
err.status = codes.wrongrequest; err.status = codes.wrongrequest;