1 files changed, 7 insertions, 0 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index d22a745b4..990311d6f 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -77,6 +77,13 @@ const usersUpdateValidator = [
    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return
+    const user = res.locals.user
+    if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
+      return res.status(400)
+        .send({ error: 'Cannot change root role.' })
+        .end()
+    }
    return next()
  }
 ]

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index d22a745b4..990311d6f 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -77,6 +77,13 @@ const usersUpdateValidator = [
77	if (areValidationErrors(req, res)) return	77	if (areValidationErrors(req, res)) return
78	if (!await checkUserIdExist(req.params.id, res)) return	78	if (!await checkUserIdExist(req.params.id, res)) return
79		79
		80	const user = res.locals.user
		81	if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
		82	return res.status(400)
		83	.send({ error: 'Cannot change root role.' })
		84	.end()
		85	}
		86
80	return next()	87	return next()
81	}	88	}
82	]	89	]