pass access token through API to enforce rank

2025-06-21 12:40:37 -04:00 · 2025-06-21 12:40:37 -04:00 · 186c615e3f
commit 186c615e3f
parent fae87e03c0
166 changed files with 473 additions and 380 deletions
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@ -121,7 +121,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					throw new ApiError(meta.errors.noPermission);
 				}

-				if (me && !await this.roleService.isAdministrator(me)) {
+				if (me && !await this.roleService.isAdministrator(me, token)) {
 					// Only administrators (including root) can create users.
 					throw new ApiError(meta.errors.noAdmin);
 				}