From 64eab850c53b411a5891ce941ef7db7e34f1c8ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Wed, 23 Aug 2017 15:38:27 +0200
Subject: [PATCH] Orgs: pillar admins can always edit an organization
---
 pillar/api/organizations/patch.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pillar/api/organizations/patch.py b/pillar/api/organizations/patch.py
index e008f8db..ada68a36 100644
--- a/pillar/api/organizations/patch.py
+++ b/pillar/api/organizations/patch.py
@@ -88,6 +88,10 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
 def _assert_is_admin(self, org_id):
 om = current_app.org_manager
+ if current_user().has_cap('admin'):
+ # Always allow admins to edit every organization.
+ return
+
 if not om.user_is_admin(org_id):
 log.warning('User %s uses PATCH to edit organization %s, '
 'but is not admin of that Organization. Request denied.',
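Review bot: The new early `return` in `_assert_is_admin` lets any holder of the `admin` capability edit every organization without leaving a log record, while the denial path directly below it logs a warning; an edit by a global admin who is not an admin of that organization is a privileged action that should be traceable. Consider logging before returning, e.g. `log.info('Pillar admin uses PATCH to edit organization %s', org_id)`, with the acting user's id added the same way the existing warning passes it. The diffstat shows only these four insertions, so `current_user` has to be imported in patch.py already; if it is not, this branch raises NameError whenever the check runs. Since the method now passes users who are not organization admins, a one-line docstring such as `"""Allow only Pillar admins and admins of this organization."""` would keep the name from misleading; the method body continues past the end of the hunk.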