From 2b594b09c22c8d1eb197b03963d7cbf2b3bd815d Mon Sep 17 00:00:00 2001
From: Andrew Kingston <andrew@kingston.dev>
Date: Thu, 9 Jun 2022 14:26:56 +0100
Subject: [PATCH] Delete user builder and admin flags when specifying a custom
 role via dev tools

---
 packages/server/src/middleware/currentapp.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js
index 8ddf608572..61be834d45 100644
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@@ -74,6 +74,10 @@ module.exports = async (ctx, next) => {
       try {
         await getRole(roleHeader)
         roleId = roleHeader
+
+        // Delete admin and builder flags so that the specified role is honoured
+        delete ctx.user.builder
+        delete ctx.user.admin
       } catch (error) {
         // Swallow error and do nothing
       }