This commit is contained in:
Mel O'Hagan 2022-11-29 16:38:44 +00:00
parent d0909392d7
commit 197699b2ad
1 changed files with 4 additions and 5 deletions

View File

@ -23,11 +23,10 @@ const MAX_USERS_UPLOAD_LIMIT = 1000
export const save = async (ctx: any) => {
try {
if (
!ctx.request.body._id &&
!ctx.internal &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
const body = ctx.request.body
const isCreate = !body._id
const isAdmin = !!ctx.user.admin?.global
if (isCreate && !isAdmin) {
ctx.throw(403, "Only admin user can create new user.")
}
ctx.body = await sdk.users.save(ctx.request.body)