update: now admin can see other admins

routes/userRoutes.js

@@ -86,10 +86,13 @@ router.get("/user_profile/:userId", async (req, res) => {
 router.get("/users/:province", async (req, res) => {
   try {
     const province = req.params.province;
+    const requestingUser = await User.findById(req.userId);
 
-    const users = (await User.find({ province: province })).filter(
-      (item) => !item.permissions.includes("admin")
-    );
+    let users = await User.find({ province });
+
+    if (!requestingUser?.permissions?.includes("admin")) {
+      users = users.filter((item) => !item.permissions?.includes("admin"));
+    }
 
     res.status(200).json(users);
   } catch (error) {
@@ -125,7 +128,7 @@ router.put("/user/:userId", async (req, res) => {
     const updatedUser = await User.findByIdAndUpdate(
       userId,
       { mobile, password, fullname, pic, province, permissions },
-      { new: true } // Set { new: true } to return the updated document
+      { new: true }, // Set { new: true } to return the updated document
     );
 
     if (!updatedUser) {