🐛 fix(users.py): prevent non-superusers from changing their password

2023-09-25 19:12:57 -03:00 · 2023-09-25 19:12:57 -03:00 · 3a4ae5e37b
commit 3a4ae5e37b
parent c3df875f1a
1 changed files with 1 additions and 1 deletions
--- a/src/backend/langflow/api/v1/users.py
+++ b/src/backend/langflow/api/v1/users.py
@ -99,7 +99,7 @@ def patch_user(
        raise HTTPException(
            status_code=403, detail="You don't have the permission to update this user"
        )
-    if user_update.password:
+    if user_update.password and not user.is_superuser:
        raise HTTPException(
            status_code=400, detail="You can't change your password here"
        )