From 78903ec033ac2f2bc764972f3f20ad98c83b6768 Mon Sep 17 00:00:00 2001 From: Terrtia Date: Tue, 8 Dec 2020 17:08:39 +0100 Subject: [PATCH] fix: [Tracker] edit tracker ACL --- bin/lib/Tracker.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py index 9efbd375..844e1093 100755 --- a/bin/lib/Tracker.py +++ b/bin/lib/Tracker.py @@ -183,7 +183,7 @@ def api_is_allowed_to_edit_tracker(tracker_uuid, user_id): tracker_creator = r_serv_tracker.hget('tracker:{}'.format(tracker_uuid), 'user_id') if not tracker_creator: return ({"status": "error", "reason": "Unknown uuid"}, 404) - if not is_in_role(user_id, 'admin') or user_id != tracker_creator: + if not is_in_role(user_id, 'admin') and user_id != tracker_creator: return ({"status": "error", "reason": "Access Denied"}, 403) return ({"uuid": tracker_uuid}, 200)