fix: restrict user creation to admin users only

This commit is contained in:
Manuel Weiser 2024-09-02 11:09:26 +02:00
parent 99fc0e2cf8
commit b7fb379984

View File

@ -36,6 +36,8 @@ def before_request():
@user_bp.route('/users', methods=['POST'])
def create_user():
if not authenticate() or g.user.role != 'admin':
return jsonify({'message': 'Unauthorized access! Only admins can create users.'}), 401
data = request.json
hashed_password = generate_password_hash(data['password'])
new_user = User(