From 187232a95febcfbe21b6d3c401362ff773bdfd97 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 4 Mar 2026 14:14:28 +0100 Subject: [PATCH] feat: update user access control to allow directors to list school users --- backend/routes/admin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/routes/admin.py b/backend/routes/admin.py index 3ad77ab..b458757 100644 --- a/backend/routes/admin.py +++ b/backend/routes/admin.py @@ -238,7 +238,7 @@ def activate_year(year_id): @admin_bp.route('/schools//users', methods=['GET']) @login_required -@school_ict_required +@director_or_ict_required def list_school_users(school_id): if not current_user.is_scholengroep_ict and current_user.school_id != school_id: return jsonify({'error': 'Geen toegang tot deze school'}), 403