diff options
-rw-r--r-- | api4/oauth.go | 2 | ||||
-rw-r--r-- | api4/oauth_test.go | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/api4/oauth.go b/api4/oauth.go index b11a070e4..b54a43832 100644 --- a/api4/oauth.go +++ b/api4/oauth.go @@ -100,7 +100,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if c.Session.UserId != oldOauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) return } diff --git a/api4/oauth_test.go b/api4/oauth_test.go index 8658e86e9..8dd602456 100644 --- a/api4/oauth_test.go +++ b/api4/oauth_test.go @@ -164,6 +164,13 @@ func TestUpdateOAuthApp(t *testing.T) { t.Fatal("IsTrusted should have updated") } + th.LoginBasic2() + updatedApp.CreatorId = th.BasicUser2.Id + _, resp = Client.UpdateOAuthApp(oapp) + CheckForbiddenStatus(t, resp) + + th.LoginBasic() + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOnlyAdminIntegrations = false }) th.App.SetDefaultRolesBasedOnConfig() _, resp = Client.UpdateOAuthApp(oapp) |