From f3023eb82c3e20ba2e72e57a608be76752838a38 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Mon, 14 Nov 2022 11:37:58 +0100
Subject: [PATCH] fix: [individual edit] permission check fix
---
 src/Controller/IndividualsController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Controller/IndividualsController.php b/src/Controller/IndividualsController.php
index 66271e3..bd3c852 100644
--- a/src/Controller/IndividualsController.php
+++ b/src/Controller/IndividualsController.php
@@ -81,9 +81,9 @@ class IndividualsController extends AppController
 }
 $currentUser = $this->ACL->getUser();
 $validIndividualIds = [];
- if ($currentUser['role']['perm_admin']) {
+ if (!$currentUser['role']['perm_admin']) {
 $validIndividualIds = $this->Individuals->getValidIndividualsToEdit($currentUser);
- if (!isset($validIndividualIds[$id])) {
+ if (!in_array($id, $validIndividualIds)) {
 throw new NotFoundException(__('Invalid individual.'));
 }
 }
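Review bot: The new membership test `in_array($id, $validIndividualIds)` relies on PHP's loose comparison, which is a weak basis for an authorization decision because differently written numeric strings can compare equal to an id they do not textually match. Neither the origin of `$id` nor the element type returned by `getValidIndividualsToEdit()` is visible in this hunk, so this is hedged: if the ids are integers, normalise once with `$id = (int)$id;` before the check and compare strictly with `if (!in_array($id, $validIndividualIds, true)) {`. Because the previous condition had the admin test inverted, a regression test asserting that a non-admin user gets `NotFoundException` for an individual outside their valid set would keep this from silently flipping again. A short comment above the branch, such as `// Non-admins may only edit individuals returned by getValidIndividualsToEdit(); admins skip this check.`, would also document the intent. The enclosing action starts and ends outside the hunk.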