Diffstat (limited to 'packages/backend/src/server/api/ApiCallService.ts')
-rw-r--r--packages/backend/src/server/api/ApiCallService.ts11
1 files changed, 11 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts
index 415fbf08dd..c19e861a5a 100644
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@@ -271,6 +271,17 @@ export class ApiCallService implements OnApplicationShutdown {
}
}
+ if (ep.meta.requireRoleOption != null && !user!.isRoot) {
+ const myRole = await this.roleService.getUserRoleOptions(user!.id);
+ if (!myRole[ep.meta.requireRoleOption]) {
+ throw new ApiError({
+ message: 'You are not assigned to a required role.',
+ code: 'ROLE_PERMISSION_DENIED',
+ id: '7f86f06f-7e15-4057-8561-f4b6d4ac755a',
+ });
+ }
+ }
+
if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) {
throw new ApiError({
message: 'Your app does not have the necessary permissions to use this endpoint.',