fix: #8827, do not require admin:users privilege to ban users

4 years ago · 891a1ea2af
parent 540a32cfdd
commit 891a1ea2af
2 changed files with 0 additions and 4 deletions
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@ -59,13 +59,11 @@ Users.unfollow = async (req, res) => {
 };

 Users.ban = async (req, res) => {
-	await hasAdminPrivilege(req.uid, 'users');
 	await api.users.ban(req, { ...req.body, uid: req.params.uid });
 	helpers.formatApiResponse(200, res);
 };

 Users.unban = async (req, res) => {
-	await hasAdminPrivilege(req.uid, 'users');
 	await api.users.unban(req, { ...req.body, uid: req.params.uid });
 	helpers.formatApiResponse(200, res);
 };
--- a/src/privileges/admin.js
+++ b/src/privileges/admin.js
@ -69,8 +69,6 @@ module.exports = function (privileges) {
 		'admin.user.loadGroups': 'admin:users',
 		'admin.groups.join': 'admin:users',
 		'admin.groups.leave': 'admin:users',
-		'user.banUsers': 'admin:users',
-		'user.unbanUsers': 'admin:users',
 		'admin.user.resetLockouts': 'admin:users',
 		'admin.user.validateEmail': 'admin:users',
 		'admin.user.sendValidationEmail': 'admin:users',