From c01cfa373f440ee8defb4b7c69f4445149a65281 Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Thu, 4 Feb 2021 15:39:16 +0200
Subject: Fixed user service JWT validation, that skipped role check if user is admin (meaning if a user is once an admin, their token will coninue to be valid, even if we removed their admin role)

---
 src/DevHive.Services/Services/UserService.cs | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'src/DevHive.Services/Services/UserService.cs')

diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index 3feca9f..9cc4a8e 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -191,9 +191,6 @@ namespace DevHive.Services.Services
 /* Check if user is trying to do something to himself, unless he's an admin */
 /* Check roles */
-if (jwtRoleNames.Contains(Role.AdminRole))
-return true;
-
 if (!jwtRoleNames.Contains(Role.AdminRole))
 if (user.Id != id)
 return false;
-- 
cgit v1.2.3
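Review bot: The guard that survives at the end of the hunk still decides the admin exemption from `jwtRoleNames`, i.e. from claims carried inside the presented token, so a token minted while the user held the admin role still skips the `user.Id != id` check unless the code after this hunk compares the token's roles against the roles currently stored for `user`; the enclosing method continues outside the hunk, so that comparison cannot be confirmed from here, and a test that revokes the admin role and then presents the previously issued token would pin the behaviour the commit message promises. On style, the two nested brace-less `if`s read as a single condition and the `/* Check roles */` comment now sits above an ownership check rather than a role check; collapsing them to `if (!jwtRoleNames.Contains(Role.AdminRole) && user.Id != id) { return false; }` and rewording the comment to `/* Non-admins may only act on their own account */` makes the intent explicit. The hunk's line counts (9 old, 6 new) also suggest one trailing context line that the page does not show.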