add conditional to check if user is admin before making other admins

Author: schmidgallm

functions/index.js

@@ -6,6 +6,12 @@ admin.initializeApp();
 
 // add admin role function
 exports.addAdminRole = functions.https.onCall((data, context) => {
+  // check request is made by admin
+  if (context.auth.token.admin !== true) {
+    return {
+      error: 'Only admins can add other admins',
+    };
+  }
   // get user and add custom claim (admin)
   return admin
     .auth()