From 891a1ea2af67758efbc68ef622149e9b6f4bc5f7 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Thu, 5 Nov 2020 10:22:07 -0500
Subject: [PATCH] fix: #8827, do not require admin:users privilege to ban users
---
 src/controllers/write/users.js | 2 --
 src/privileges/admin.js | 2 --
 2 files changed, 4 deletions(-)
diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
index 265a6c71a4..8e7ea756b9 100644
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@@ -59,13 +59,11 @@ Users.unfollow = async (req, res) => {
 };
 
 Users.ban = async (req, res) => {
- await hasAdminPrivilege(req.uid, 'users');
 await api.users.ban(req, { ...req.body, uid: req.params.uid });
 helpers.formatApiResponse(200, res);
 };
 
 Users.unban = async (req, res) => {
- await hasAdminPrivilege(req.uid, 'users');
 await api.users.unban(req, { ...req.body, uid: req.params.uid });
 helpers.formatApiResponse(200, res);
 };
diff --git a/src/privileges/admin.js b/src/privileges/admin.js
index 5de26f8e22..dc8ad7e343 100644
--- a/src/privileges/admin.js
+++ b/src/privileges/admin.js
@@ -69,8 +69,6 @@ module.exports = function (privileges) {
 'admin.user.loadGroups': 'admin:users',
 'admin.groups.join': 'admin:users',
 'admin.groups.leave': 'admin:users',
- 'user.banUsers': 'admin:users',
- 'user.unbanUsers': 'admin:users',
 'admin.user.resetLockouts': 'admin:users',
 'admin.user.validateEmail': 'admin:users',
 'admin.user.sendValidationEmail': 'admin:users',
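Review bot: With `hasAdminPrivilege(req.uid, 'users')` removed, `Users.ban` and `Users.unban` in src/controllers/write/users.js carry no authorization check of their own, so `api.users.ban` and `api.users.unban` become the only gate on these routes, and their bodies are not visible in this patch. It is worth confirming that both verify the caller's ban privilege before acting, and adding a regression test that a caller holding neither the ban privilege nor admin:users is rejected on both routes. A short comment in each handler would keep the intent visible to the next maintainer, e.g. `// authorization is enforced inside api.users.ban; admin:users is deliberately not required (#8827)`. The same point applies to the second hunk in src/privileges/admin.js: once `'user.banUsers'` and `'user.unbanUsers'` leave the map, whatever the lookup does for unmapped names decides access, and that fallback lies outside the hunk.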