To allow transfer ownership, a user has to be able to update its role if permissions are granted by current role

src/routes/users.js

@@ -72,8 +72,6 @@ function update(req, res, next) {
 
     if ('role' in req.body) {
         if (typeof req.body.role !== 'string') return next(new HttpError(400, 'role must be a string'));
-        if (req.user.id === req.resource.id) return next(new HttpError(409, 'Cannot set role flag on self'));
-
         if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but you are only '${req.user.role}'`));
     }