From 46961586c5684714adcfd662394acbdec2ca775e Mon Sep 17 00:00:00 2001
From: Andris Reinman <andris@reinman.eu>
Date: Wed, 18 May 2022 09:17:04 +0300
Subject: [PATCH] Changed permissions for deleteing webauthn token

---
 lib/api/2fa/webauthn.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/api/2fa/webauthn.js b/lib/api/2fa/webauthn.js
index be538393..885f0933 100644
--- a/lib/api/2fa/webauthn.js
+++ b/lib/api/2fa/webauthn.js
@@ -101,9 +101,9 @@ module.exports = (db, server, userHandler) => {
 
             // permissions check
             if (req.user && req.user === result.value.user) {
-                req.validate(roles.can(req.role).deleteOwn('users'));
+                req.validate(roles.can(req.role).updateOwn('users'));
             } else {
-                req.validate(roles.can(req.role).deleteAny('users'));
+                req.validate(roles.can(req.role).updateAny('users'));
             }
 
             let user = new ObjectId(result.value.user);