Remove redundant requireAdmin

We already hand out scopes based on the user's access control
2018-04-27 21:47:11 -07:00
parent 9789966017
commit bc4f9cf596
7 changed files with 116 additions and 109 deletions
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -7,7 +7,6 @@ exports = module.exports = {
    create: create,
    remove: remove,
    verifyPassword: verifyPassword,
-    requireAdmin: requireAdmin,
    sendInvite: sendInvite,
    setGroups: setGroups
 };
@@ -146,17 +145,6 @@ function verifyPassword(req, res, next) {
    });
 }

-/*
-    Middleware which makes the route only accessable for the admin user.
-*/
-function requireAdmin(req, res, next) {
-    assert.strictEqual(typeof req.user, 'object');
-
-    if (!req.user.admin) return next(new HttpError(403, 'API call requires admin rights.'));
-
-    next();
-}
-
 function sendInvite(req, res, next) {
    assert.strictEqual(typeof req.params.userId, 'string');