From c71186f3187754c716e08e4459236ae61c5438df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Wed, 5 Oct 2016 14:36:07 +0200
Subject: [PATCH] Allow project membership to be managed by ppl with admin role.

This was already mentioned as possible in the frontend, but not implemented in the backend.
---
 pillar/api/projects/routes.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pillar/api/projects/routes.py b/pillar/api/projects/routes.py
index e7bbe310..57a53d04 100644
--- a/pillar/api/projects/routes.py
+++ b/pillar/api/projects/routes.py
@@ -65,9 +65,10 @@ def project_manage_users():
 project = projects_collection.find_one({'_id': project_id})
 # Check if the current_user is owner of the project, or removing themselves.
- remove_self = target_user_id == current_user_id and action == 'remove'
- if project['user'] != current_user_id and not remove_self:
- utils.abort_with_error(403)
+ if not authorization.user_has_role(u'admin'):
+ remove_self = target_user_id == current_user_id and action == 'remove'
+ if project['user'] != current_user_id and not remove_self:
+ utils.abort_with_error(403)
 admin_group = utils.get_admin_group(project)
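Review bot: The new `if not authorization.user_has_role(u'admin'):` guard skips the owner/remove-self check entirely, so any holder of the global admin role can change the membership of every project, and nothing in the hunk records that an override took place. An `else:` branch that logs the acting user, the target user, the action and the project id would make these privileged changes auditable (whether this module already has a logger is not visible here). The comment above the check is now stale; it should read something like `# Admins may manage any project; others must own the project or be removing themselves.` Separately, `project` comes straight from `find_one` and is not checked for `None` in the visible lines, so an admin request with an unknown project id now reaches `utils.get_admin_group(project)` with `None`; a guard such as `if project is None: utils.abort_with_error(404)` before the check would cover both paths. `project_manage_users` starts and ends outside the hunk, so validation done elsewhere in the function cannot be confirmed from here.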