From 113365b9116fce1eb482816e3465898c4812ac35 Mon Sep 17 00:00:00 2001
From: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>
Date: Wed, 26 Nov 2025 07:01:08 -0600
Subject: [PATCH] require admin role to delete users

---
 frigate/api/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index 1c1371f51..3210ca1f3 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -578,7 +578,7 @@ def create_user(
     return JSONResponse(content={"username": body.username})
 
 
-@router.delete("/users/{username}")
+@router.delete("/users/{username}", dependencies=[Depends(require_role(["admin"]))])
 def delete_user(username: str):
     User.delete_by_id(username)
     return JSONResponse(content={"success": True})