From 50ea4b58778e364220d14bb7daf17372ea211190 Mon Sep 17 00:00:00 2001 From: Philip Molares Date: Mon, 3 Oct 2022 21:12:53 +0200 Subject: [PATCH] fix(note): permissions of purgeNoteRevisions This should only be allowed to be done by owners. Signed-off-by: Philip Molares --- src/api/private/notes/notes.controller.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/private/notes/notes.controller.ts b/src/api/private/notes/notes.controller.ts index c4d1ec8ab..b823e8de2 100644 --- a/src/api/private/notes/notes.controller.ts +++ b/src/api/private/notes/notes.controller.ts @@ -165,7 +165,7 @@ export class NotesController { @Delete(':noteIdOrAlias/revisions') @OpenApi(204, 404) - @Permissions(Permission.READ) + @Permissions(Permission.OWNER) @UseInterceptors(GetNoteInterceptor) async purgeNoteRevisions( @RequestUser() user: User,