patrick/Tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX changePassword ownership-check was not negated

Browse Source
This commit is contained in:
Patrick Haßel 2024-10-29 15:09:39 +01:00
parent 118c246a86
commit 90504dd7bb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/de/ph87/tools/group/GroupService.java
View File

@ -79,7 +79,7 @@ public class GroupService {
public GroupDto changePassword(@NonNull final String privateUuid, @NonNull final GroupChangePasswordInbound request) {
final User user = userService.getByPrivateUuidOrThrow(privateUuid);
final Group group = groupOfUserService.getGroupOfUser(request.uuid, user);
if (group.isOwnedBy(user)) {
if (!group.isOwnedBy(user)) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
}
group.setPassword(request.password);