From 1935d38bc42451964b2c67071aff8d7b3af9ad3c Mon Sep 17 00:00:00 2001
From: Nadir J <31660040+NadirJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 14:58:34 -0400
Subject: [PATCH] fix: log messages (#2995)
---
 src/backend/base/langflow/api/v1/users.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/backend/base/langflow/api/v1/users.py b/src/backend/base/langflow/api/v1/users.py
index f7261e9d2..41d27e3fd 100644
--- a/src/backend/base/langflow/api/v1/users.py
+++ b/src/backend/base/langflow/api/v1/users.py
@@ -89,8 +89,12 @@ def patch_user(
 """
 Update an existing user's data.
 """
+
+ if not user.is_superuser and user_update.is_superuser:
+ raise HTTPException(status_code=403, detail="Permission denied")
+
+ if not user.is_superuser and user.id != user_id:
- raise HTTPException(status_code=403, detail="You don't have the permission to update this user")
+ raise HTTPException(status_code=403, detail="Permission denied")
 if user_update.password:
 if not user.is_superuser:
 raise HTTPException(status_code=400, detail="You can't change your password here")
@@ -139,7 +143,7 @@ def delete_user(
 if current_user.id == user_id:
 raise HTTPException(status_code=400, detail="You can't delete your own user account")
 elif not current_user.is_superuser:
- raise HTTPException(status_code=403, detail="You don't have the permission to delete this user")
+ raise HTTPException(status_code=403, detail="Permission denied")
 user_db = session.exec(select(User).where(User.id == user_id)).first()
 if not user_db:
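Review bot: The guard added at the top of patch_user rejects only `user_update.is_superuser`, so it is a one-field denylist. If the update model carries other privilege-bearing fields (an account-activation flag, for example), a non-superuser editing their own record could still set them; the model is not visible here, so this needs confirming. An allowlist of the fields a non-superuser may change on their own account would fail closed when the model grows. The check is an authorization fix landing under a "log messages" subject, so I would put `# Non-superusers must never be able to grant superuser, including on their own account` above it and add a test asserting the 403. patch_user's signature and the rest of its body lie outside the hunk.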