From 2ad8bdbc65c38cc250004b8415344e314e296840 Mon Sep 17 00:00:00 2001
From: pablodanswer
Date: Sat, 28 Dec 2024 17:26:35 -0500
Subject: [PATCH] k
---
 backend/onyx/auth/schemas.py | 4 +++-
 backend/onyx/auth/users.py | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/backend/onyx/auth/schemas.py b/backend/onyx/auth/schemas.py
index 51983dd3e00e..f2a4ef8a07a3 100644
--- a/backend/onyx/auth/schemas.py
+++ b/backend/onyx/auth/schemas.py
@@ -49,4 +49,6 @@ class UserCreate(schemas.BaseUserCreate):
 class UserUpdate(schemas.BaseUserUpdate):
- role: UserRole
+ # Role updates are not allowed through the user update endpoint for security reasons
+ # Role changes should be handled through a separate, admin-only process
+ pass
diff --git a/backend/onyx/auth/users.py b/backend/onyx/auth/users.py
index eb337da90be5..86556bfe8d11 100644
--- a/backend/onyx/auth/users.py
+++ b/backend/onyx/auth/users.py
@@ -252,7 +252,6 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
 if not user.role.is_web_login() and user_create.role.is_web_login():
 user_update = UserUpdate(
 password=user_create.password,
- role=user_create.role,
 is_verified=user_create.is_verified,
 )
 user = await self.update(user_update, user)
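Review bot: In the `backend/onyx/auth/schemas.py` hunk, nothing pins the new behaviour of `UserUpdate`: the protection is only that `role` is no longer declared. A body that still carries `role` is presumably dropped silently (the usual Pydantic default for unknown fields, to be confirmed against the base schema's config) rather than rejected. A regression test that sends `role` through the self-service update path and asserts the stored role is unchanged would keep a later refactor from quietly re-adding the field. The two comments would also read better as the class docstring, which makes `pass` unnecessary, e.g. `"""Self-service update schema; deliberately has no role field, role changes go through the admin-only path."""`. If clients should notice the rejected field, forbidding extra fields on this model is worth considering.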
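Review bot: In the `backend/onyx/auth/users.py` hunk, the branch guarded by `if not user.role.is_web_login() and user_create.role.is_web_login():` still overwrites `password` and `is_verified`, but it no longer moves the account to a web-login role. Judging by the visible lines, the guard therefore stays true after the update, so every later create call for the same account re-enters the branch and replaces the password again, while the account may still be unable to log in on the web. The role transition needs a trusted, server-side path here rather than the request-facing `UserUpdate` schema, for instance a follow-up write such as `await self.user_db.update(user, {"role": <server-decided role>})`, to be checked against how the manager persists users. The enclosing method starts and ends outside this hunk, so a role assignment elsewhere in it cannot be ruled out.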