fix(backend): add missing kind definition for admin endpoints to improve security

author: syuilo <Syuilotan@yahoo.co.jp> 2023-12-18 12:32:26 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2023-12-18 12:32:26 +0900
commit: 5150053275594278e9eb23e72d98b16593c4c230 (patch)
tree: a1e1b91bd897b88d6cd68680fd14d383dd4e944d /packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
parent: enhance(frontend): tweak avatar decoration setting ui (diff)
download: misskey-5150053275594278e9eb23e72d98b16593c4c230.tar.gz
misskey-5150053275594278e9eb23e72d98b16593c4c230.tar.bz2
misskey-5150053275594278e9eb23e72d98b16593c4c230.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
index ac10f1b6fd..2309493937 100644
--- a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
@@ -12,6 +12,8 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],
 
+	kind: 'write:admin',
+
 	requireCredential: true,
 	requireModerator: true,
 } as const;
@@ -39,7 +41,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			if (user == null) {
 				throw new Error('user not found');
 			}
-	
+
 			if (user.avatarId == null) return;
 
 			await this.usersRepository.update(user.id, {
author	syuilo <Syuilotan@yahoo.co.jp>	2023-12-18 12:32:26 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2023-12-18 12:32:26 +0900
commit	5150053275594278e9eb23e72d98b16593c4c230 (patch)
tree	a1e1b91bd897b88d6cd68680fd14d383dd4e944d /packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
parent	enhance(frontend): tweak avatar decoration setting ui (diff)
download	misskey-5150053275594278e9eb23e72d98b16593c4c230.tar.gz misskey-5150053275594278e9eb23e72d98b16593c4c230.tar.bz2 misskey-5150053275594278e9eb23e72d98b16593c4c230.zip