
fix: User with no root permissions is allowed to successfully delete user using Postman #583

Open
VeronikaHordus opened this issue Sep 28, 2024 · 0 comments
Describe your issue

User with no Root permission can commit deletion of a user or user group using Postman.

Steps to reproduce

  1. In Postman, log in with user data that does not have any of the root permissions. (GET: /auth/sign-in)
  2. Copy the token from the Response body of Step 1
  3. Create a new request to Get all users (inject the token from step 2 into the Authorization header) (GET: /users)
  4. Pick a user from the list and copy its id for the next step
  5. Create a request to delete a user (DELETE: /users) and inject the user id from step 4 into the request body
  6. Observe the response status code

What was the actual result?

User is successfully deleted from the application.

What was the expected result?

The 403 Forbidden status code is shown. A user cannot be deleted without the root Access Management permission.

Put here any screenshots or videos (optional)

Image

What OS are you seeing the problem on?

Windows

What browsers are you seeing the problem on?

Other (mention in the description)

Severity

Major (S3)

VeronikaHordus added this to the git-fit-release-6 milestone on Sep 28, 2024
VeronikaHordus changed the title from "fix: User with no root permissions is allowed to successfully commit the operations in the Rood accessible directories using Postman" to "fix: User with no root permissions is allowed to successfully delete user using Postman" on Sep 28, 2024
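The missing server-side permission check this issue reports, modelled as an added Python example (not the project's code): the `DELETE /users` route and the id-in-body shape come from the issue, while the permission name, the token-claim layout and the handler signature are assumptions.

```python
"""Added example for issue #583: a DELETE /users handler that only
authenticates (the reported bug) beside one that also authorizes."""
from dataclasses import dataclass, field
from typing import Callable, Dict

# Assumed identifier for the "root Access Management" permission.
ROOT_ACCESS_MANAGEMENT = "root:access-management"

# Hypothetical policy table: route -> permission the caller must hold.
PROTECTED_ROUTES = {("DELETE", "/users"): ROOT_ACCESS_MANAGEMENT}

@dataclass
class Request:
    method: str
    path: str
    claims: Dict                       # decoded bearer-token claims (assumed shape)
    body: Dict = field(default_factory=dict)

def delete_user_vulnerable(req: Request, users: Dict[str, str]) -> int:
    """Before: any authenticated caller can delete any user (the bug)."""
    if not req.claims:
        return 401
    users.pop(req.body.get("id"), None)
    return 204

def require_permission(handler: Callable) -> Callable:
    """Refuse protected routes unless the token carries the needed permission."""
    def wrapped(req: Request, users: Dict[str, str]) -> int:
        if not req.claims:
            return 401
        needed = PROTECTED_ROUTES.get((req.method, req.path))
        if needed and needed not in req.claims.get("permissions", ()):
            return 403                 # expected result: deny, data untouched
        return handler(req, users)
    return wrapped

delete_user_fixed = require_permission(delete_user_vulnerable)

def reproduce(handler: Callable) -> tuple:
    """Replay steps 3-6 of the issue with a non-root token against user 'u2'."""
    users = {"u1": "alice", "u2": "bob"}                    # constructed data
    claims = {"sub": "u1", "permissions": ["users:read"]}   # no root permission
    status = handler(Request("DELETE", "/users", claims, {"id": "u2"}), users)
    return status, sorted(users)

if __name__ == "__main__":
    print("before:", reproduce(delete_user_vulnerable))     # (204, ['u1'])
    print("after: ", reproduce(delete_user_fixed))          # (403, ['u1', 'u2'])
```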
Projects
Status: In Progress
Development

No branches or pull requests

2 participants