non admin can't change app roles

areas/users/user_service.py

@@ -1,5 +1,6 @@
 from database import db
 from areas.apps.models import App, AppRole
+from areas.roles.role_service import RoleService
 from helpers import KratosApi
 
 class UserService:
@@ -76,9 +77,9 @@ class UserService:
         }
         KratosApi.put("/admin/identities/{}".format(id), kratos_data)
 
-        # TODO: if the user is no admin - he can't change app roles - implement
-
-        if data["app_roles"]:
+        is_admin = RoleService.is_user_admin(id)
+        
+        if is_admin and data["app_roles"]:
             app_roles = data["app_roles"]
             for ar in app_roles:
                 app = App.query.filter_by(slug=ar["name"]).first()