final tweaks.

2025-12-04 10:55:23 -08:00
parent f915e33dab
commit c3e943f135
3 changed files with 13 additions and 5 deletions
--- a/admin.py
+++ b/admin.py
@@ -126,11 +126,13 @@ def register_admin_routes(app):
            
            # Update user in Firestore
            user_ref = db.collection("users").document(target_uid)
-            user_ref.update({
+            # Only update fields that can be changed, excluding is_admin
+            update_data = {
                "enabled": data.get("enabled", False),
-                "is_admin": data.get("is_admin", False),
                "case_email": data.get("case_email", "")
-            })
+            }
+            # Never allow changing is_admin field during updates - admin status can only be set during creation
+            user_ref.update(update_data)
            
            return jsonify({"success": True})