FIX changePassword ownership-check was not negated

2024-10-29 15:09:39 +01:00 · 2024-10-29 15:09:39 +01:00 · 90504dd7bb
commit 90504dd7bb
parent 118c246a86
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/de/ph87/tools/group/GroupService.java
+++ b/src/main/java/de/ph87/tools/group/GroupService.java
@ -79,7 +79,7 @@ public class GroupService {
  public GroupDto changePassword(@NonNull final String privateUuid, @NonNull final GroupChangePasswordInbound request) {
    final User user = userService.getByPrivateUuidOrThrow(privateUuid);
    final Group group = groupOfUserService.getGroupOfUser(request.uuid, user);
-    if (group.isOwnedBy(user)) {
+    if (!group.isOwnedBy(user)) {
      throw new ResponseStatusException(HttpStatus.FORBIDDEN);
    }
    group.setPassword(request.password);