Bugfix for super_users who are also manager

Before this commit super_users with also the manager_role could not change the applications for a role, due to the constraint that this is not allowed for managers.
OpenConext · Nov 18, 2024 · 0729bea · 0729bea
1 parent 1bb7a88
commit 0729bea
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/server/src/main/java/access/api/RoleController.java b/server/src/main/java/access/api/RoleController.java
@@ -202,7 +202,8 @@ private ResponseEntity<Role> saveOrUpdate(Role role, User user) {
         boolean isNew = role.getId() == null;
         List<String> previousApplicationIdentifiers = new ArrayList<>();
         Optional<UserRole> optionalUserRole = user.userRoleForRole(role);
-        boolean immutableApplicationUsages = optionalUserRole.isPresent() && optionalUserRole.get().getAuthority().equals(Authority.MANAGER);
+        boolean immutableApplicationUsages = !user.isSuperUser() && 
+                optionalUserRole.isPresent() && optionalUserRole.get().getAuthority().equals(Authority.MANAGER);
         boolean nameChanged = false;
         if (!isNew) {
             Role previousRole = roleRepository.findById(role.getId()).orElseThrow(() -> new NotFoundException("Role not found"));