From 0729bea692a1be4ffdcfb3dae04c635f2b336556 Mon Sep 17 00:00:00 2001
From: Okke Harsta <oharsta@zilverline.com>
Date: Mon, 18 Nov 2024 14:11:39 +0100
Subject: [PATCH] Bugfix for super_users who are also manager Before this
 commit super_users with also the manager_role could not change the
 applications for a role, due to the constraint that this is not allowed for
 managers.

---
 server/src/main/java/access/api/RoleController.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/src/main/java/access/api/RoleController.java b/server/src/main/java/access/api/RoleController.java
index f4fc1823..c71087d6 100644
--- a/server/src/main/java/access/api/RoleController.java
+++ b/server/src/main/java/access/api/RoleController.java
@@ -202,7 +202,8 @@ private ResponseEntity<Role> saveOrUpdate(Role role, User user) {
         boolean isNew = role.getId() == null;
         List<String> previousApplicationIdentifiers = new ArrayList<>();
         Optional<UserRole> optionalUserRole = user.userRoleForRole(role);
-        boolean immutableApplicationUsages = optionalUserRole.isPresent() && optionalUserRole.get().getAuthority().equals(Authority.MANAGER);
+        boolean immutableApplicationUsages = !user.isSuperUser() && 
+                optionalUserRole.isPresent() && optionalUserRole.get().getAuthority().equals(Authority.MANAGER);
         boolean nameChanged = false;
         if (!isNew) {
             Role previousRole = roleRepository.findById(role.getId()).orElseThrow(() -> new NotFoundException("Role not found"));