summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/endpoints
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/api/endpoints')
-rw-r--r--packages/backend/src/server/api/endpoints/invite.ts (renamed from packages/backend/src/server/api/endpoints/admin/invite.ts)12
1 files changed, 9 insertions, 3 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/invite.ts b/packages/backend/src/server/api/endpoints/invite.ts
index bc42bf792a..d22946e04a 100644
--- a/packages/backend/src/server/api/endpoints/admin/invite.ts
+++ b/packages/backend/src/server/api/endpoints/invite.ts
@@ -4,12 +4,12 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RegistrationTicketsRepository } from '@/models/index.js';
import { IdService } from '@/core/IdService.js';
import { DI } from '@/di-symbols.js';
+import { RoleService } from '@/core/RoleService.js';
export const meta = {
- tags: ['admin'],
+ tags: ['meta'],
requireCredential: true,
- requireModerator: true,
res: {
type: 'object',
@@ -39,9 +39,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
@Inject(DI.registrationTicketsRepository)
private registrationTicketsRepository: RegistrationTicketsRepository,
+ private roleService: RoleService,
private idService: IdService,
) {
- super(meta, paramDef, async () => {
+ super(meta, paramDef, async (ps, me) => {
+ const role = await this.roleService.getUserRoleOptions(me.id);
+ if (!me.isRoot && !role.canInvite) {
+ throw new Error('access denied');
+ }
+
const code = rndstr({
length: 8,
chars: '2-9A-HJ-NP-Z', // [0-9A-Z] w/o [01IO] (32 patterns)
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-08 09:18:31 +0000