From 033b05f67928992bee2396c511ba7c1f3403831b Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Thu, 3 Oct 2024 20:25:35 -0400
Subject: [PATCH] fix: User cannot update profile when MembersCanDeleteAccount
 setting is disabled, closes #7729

---
 server/policies/user.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/policies/user.ts b/server/policies/user.ts
index f53a281d02..e7f82127ea 100644
--- a/server/policies/user.ts
+++ b/server/policies/user.ts
@@ -23,9 +23,16 @@ allow(User, "inviteUser", Team, (actor, team) =>
   )
 );
 
-allow(User, ["update", "delete", "readDetails"], User, (actor, user) =>
+allow(User, ["update", "readDetails"], User, (actor, user) =>
   or(
     //
+    isTeamAdmin(actor, user),
+    actor.id === user?.id
+  )
+);
+
+allow(User, "delete", User, (actor, user) =>
+  or(
     isTeamAdmin(actor, user),
     and(
       actor.id === user?.id,