Apply permissioning on document modification endpoints (#637)

server/endpoints/system.js

@@ -189,7 +189,7 @@ function systemEndpoints(app) {
 
   app.get(
     "/system/system-vectors",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
     async (request, response) => {
       try {
         const query = queryParams(request);
@@ -207,7 +207,7 @@ function systemEndpoints(app) {
 
   app.delete(
     "/system/remove-document",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
     async (request, response) => {
       try {
         const { name } = reqBody(request);
@@ -222,7 +222,7 @@ function systemEndpoints(app) {
 
   app.delete(
     "/system/remove-folder",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
     async (request, response) => {
       try {
         const { name } = reqBody(request);
@@ -235,15 +235,19 @@ function systemEndpoints(app) {
     }
   );
 
-  app.get("/system/local-files", [validatedRequest], async (_, response) => {
+  app.get(
-    try {
+    "/system/local-files",
-      const localFiles = await viewLocalFiles();
+    [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
-      response.status(200).json({ localFiles });
+    async (_, response) => {
-    } catch (e) {
+      try {
-      console.log(e.message, e);
+        const localFiles = await viewLocalFiles();
-      response.sendStatus(500).end();
+        response.status(200).json({ localFiles });
+      } catch (e) {
+        console.log(e.message, e);
+        response.sendStatus(500).end();
+      }
     }
-  });
+  );
 
   app.get(
     "/system/document-processing-status",