trafficlunar/tomodachi-share
1
0
Fork 0
mirror of https://github.com/trafficlunar/tomodachi-share.git synced 2026-06-27 22:24:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: prevent non-admins from editing miis' admin fields

Browse source
This commit is contained in:
trafficlunar 2026-05-14 23:07:59 +01:00
parent 333c97bfca
commit 69ed620873
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/src/app/api/mii/[id]/edit/route.ts
View file

@ -153,7 +153,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
}
// Prevent non-admins from quarantining Miis
if (quarantined && needsFixingReason && session.user?.id?.toString() !== process.env.NEXT_PUBLIC_ADMIN_USER_ID)
if ((quarantined || needsFixingReason) && session.user?.id?.toString() !== process.env.NEXT_PUBLIC_ADMIN_USER_ID)
return rateLimit.sendResponse({ error: `You're not an admin!` }, 401);
const clearImages = formData.get("clearImages") === "true";