From 654dd8de969b134fb8d43df8ad581196dd128505 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Tue, 1 Feb 2022 02:59:19 +0100
Subject: [PATCH] check right on sendActivationEmail

---
 backend/src/auth/RIGHTS.ts                   | 1 +
 backend/src/graphql/resolver/UserResolver.ts | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/backend/src/auth/RIGHTS.ts b/backend/src/auth/RIGHTS.ts
index 8988620d7..e8a6a1aa3 100644
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@@ -26,4 +26,5 @@ export enum RIGHTS {
   SEARCH_PENDING_CREATION = 'SEARCH_PENDING_CREATION',
   DELETE_PENDING_CREATION = 'DELETE_PENDING_CREATION',
   CONFIRM_PENDING_CREATION = 'CONFIRM_PENDING_CREATION',
+  SEND_ACTIVATION_EMAIL = 'SEND_ACTIVATION_EMAIL',
 }
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 79a1734e6..d1bd6ad22 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -476,6 +476,8 @@ export class UserResolver {
     return 'success'
   }
 
+  // THis is used by the admin only - should we move it to the admin resolver?
+  @Authorized([RIGHTS.SEND_ACTIVATION_EMAIL])
   @Mutation(() => Boolean)
   async sendActivationEmail(@Arg('email') email: string): Promise<boolean> {
     const loginUserRepository = getCustomRepository(LoginUserRepository)