fix: [Tracker] edit tracker ACL

2020-12-08 17:08:39 +01:00 · 2020-12-08 17:08:39 +01:00 · 78903ec033
parent 4fa320741c
commit 78903ec033
1 changed files with 1 additions and 1 deletions
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@ -183,7 +183,7 @@ def api_is_allowed_to_edit_tracker(tracker_uuid, user_id):
    tracker_creator = r_serv_tracker.hget('tracker:{}'.format(tracker_uuid), 'user_id')
    if not tracker_creator:
        return ({"status": "error", "reason": "Unknown uuid"}, 404)
-    if not is_in_role(user_id, 'admin') or user_id != tracker_creator:
+    if not is_in_role(user_id, 'admin') and user_id != tracker_creator:
        return ({"status": "error", "reason": "Access Denied"}, 403)
    return ({"uuid": tracker_uuid}, 200)