Regular users are able to create invites with ADMIN role

Question

Closed this issue 3 months ago · 1 comments

To reproduce:

As a regular user in a paid organisation, use an API client to send a POST request to /api/v1/organisations/:id/invite/ with the role of "ADMIN"`.

Expected behaviour:

The user receives a 403

Actual behaviour:

The invite is created

Answer 1 · 2024-10-02T08:58:06.000Z

Resolved in #4653