From 5b55c4498bf74317df7f388563be253898906cd1 Mon Sep 17 00:00:00 2001
From: Davor
Date: Sat, 9 Jul 2022 12:18:03 +0200
Subject: [PATCH] non admin can't change app roles

---
 areas/users/user_service.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/areas/users/user_service.py b/areas/users/user_service.py
index a0b50c3..d434b96 100644
--- a/areas/users/user_service.py
+++ b/areas/users/user_service.py
@@ -1,5 +1,6 @@
 from database import db
 from areas.apps.models import App, AppRole
+from areas.roles.role_service import RoleService
 from helpers import KratosApi
 
 class UserService:
@@ -76,9 +77,9 @@ class UserService:
 }
 KratosApi.put("/admin/identities/{}".format(id), kratos_data)
 
- # TODO: if the user is no admin - he can't change app roles - implement
-
- if data["app_roles"]:
+ is_admin = RoleService.is_user_admin(id)
+
+ if is_admin and data["app_roles"]:
 app_roles = data["app_roles"]
 for ar in app_roles:
 app = App.query.filter_by(slug=ar["name"]).first()
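Review bot: The new guard on the `is_admin = RoleService.is_user_admin(id)` line checks whether the identity being edited is an admin, not whether the caller is — `id` is the same value sent to `/admin/identities/{}` two lines above, so it appears to be the target user rather than the acting one. If that reading is right, a non-admin caller editing an admin account still passes the check, while an admin editing an ordinary user is blocked from setting that user's app roles, which inverts the intent of the removed TODO. The acting user's id should come from the authenticated request context rather than the identity parameter, e.g. `if data["app_roles"] and not RoleService.is_user_admin(<acting user id>): raise <authorization error>`, and the branch should reject rather than silently drop the submitted roles so callers and audit logs can tell the change was refused. The enclosing method starts and ends outside the hunk, so whether a caller id is already available to it is not visible here.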