Bug #25
Admin user can be created without role assignment (role is null)
Status: Closed
Priority: Normal
Assignee: -
Description
The system allows creation of an Admin user without assigning any role. When the role field is not provided in the request, the user is still successfully created with "role": null.
This leads to creation of incomplete user records and may impact role-based access control (RBAC) functionality.
Steps to Reproduce
- Send a POST request to: https://api.akinderwellness.com:4001/api/admin/add-admin
- In request body, provide:
  - password
- Do not include the role field
- Send the request
Actual Result
User is created successfully
API response:
{
"success": true,
"message": "Registered successfully",
"res": {
"userType": "Admin",
"webToken": [],
"fcmToken": [],
"notification_weekly_report": false,
"notification_password_change": false,
"notification_all_activies": false,
"notification_new_request": false,
"notification_new_referral": false,
"notification_new_message": false,
"language": "en",
"If_Deleted": false,
"_id": "69bb9197190f06f44b128cb0",
"email": "arbtestemailtemp@gmail.com",
"role": null,
"createdBy": "603c4a2f9644be25e93e1089",
"password": "$2a$10$BK1d/hK.JPKiyUDmqDyYO.YQAA.CJkj4set4R8QYt4XCPefhgNBSC",
"secondary_password": null,
"createdAt": "2026-03-19T06:03:03.946Z",
"__v": 0
}
}
Expected Result
- System should not allow user creation without a role
- API should return validation error such as: "Role is required", or System should assign a default role automatically
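One way to enforce the expected result, as an added example that is not the project's own code: a role check that runs before the record is persisted and rejects a missing, null, empty or malformed role. It goes slightly beyond this report by also rejecting a role ID that is not in a known set, the subject of the related Bug #27. The function names, sample role IDs, in-memory store and the 400/201 status codes are assumptions.

```javascript
// Added example: role validation for an admin-creation handler.
// The "role" and "email" field names come from the report; everything
// else (function names, role IDs, store, status codes) is hypothetical.

const OBJECT_ID = /^[0-9a-f]{24}$/i;

// Constructed sample role IDs standing in for the roles collection.
const KNOWN_ROLE_IDS = new Set(["a".repeat(23) + "1", "a".repeat(23) + "2"]);

function validateRole(body, knownRoleIds = KNOWN_ROLE_IDS) {
  const hasRole =
    body != null && Object.prototype.hasOwnProperty.call(body, "role");
  // Omitted, null and empty-string roles are all "not provided".
  if (!hasRole || body.role === null || body.role === "") {
    return { ok: false, status: 400, message: "Role is required" };
  }
  // Reject non-string values (objects, arrays, numbers) before any lookup.
  if (typeof body.role !== "string" || !OBJECT_ID.test(body.role)) {
    return { ok: false, status: 400, message: "Role is invalid" };
  }
  const role = body.role.toLowerCase();
  if (!knownRoleIds.has(role)) {
    return { ok: false, status: 400, message: "Role does not exist" };
  }
  return { ok: true, role };
}

// Handler core: validate first, persist only on success.
// Password hashing is out of scope here, so no password is stored.
function addAdmin(body, store) {
  const check = validateRole(body);
  if (!check.ok) {
    return { status: check.status, body: { success: false, message: check.message } };
  }
  store.push({ userType: "Admin", email: body.email, role: check.role });
  return { status: 201, body: { success: true, message: "Registered successfully" } };
}

// Constructed requests mirroring the report: role omitted, role null, valid role.
const store = [];
const results = [
  addAdmin({ email: "a@example.test", password: "x" }, store),
  addAdmin({ email: "b@example.test", password: "x", role: null }, store),
  addAdmin({ email: "c@example.test", password: "x", role: "a".repeat(23) + "1" }, store),
];
console.log(results.map((r) => r.status), "records stored:", store.length);
```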
Updated by Adhi Narayanan about 1 month ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Updated by Vivek Kumar about 1 month ago
- Status changed from Resolved to In Progress
Updated by Adhi Narayanan about 1 month ago
- Status changed from In Progress to Resolved
Updated by Vivek Kumar about 1 month ago
- Related to Bug #27: API accepts arbitrary role IDs during admin creation. added