From bc1e3620f9d918e3d8c0b4d1afa4d0e35e832429 Mon Sep 17 00:00:00 2001 From: Cliff Johnson Date: Fri, 29 Sep 2023 11:29:36 -0500 Subject: [PATCH] require admin flag on request for update_settings --- app/controllers/api/v1/project_preferences_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/project_preferences_controller.rb b/app/controllers/api/v1/project_preferences_controller.rb index c690984d0..8a0b49b24 100644 --- a/app/controllers/api/v1/project_preferences_controller.rb +++ b/app/controllers/api/v1/project_preferences_controller.rb @@ -26,7 +26,7 @@ def find_upp_for_update_settings end def user_allowed? - @upp.project.owners_and_collaborators.include?(api_user.user) || api_user.user.is_admin? + @upp.project.owners_and_collaborators.include?(api_user.user) || api_user.is_admin? end def update_settings_response