From a734d5978e727cdb6f2c288f82f31ff29d59360b Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Tue, 10 Dec 2013 11:50:11 +0100
Subject: [PATCH] Check for user rola and session ownership

---
 src/main/java/de/thm/arsnova/services/QuestionService.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index c6cbb98d2..0237d5562 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -82,7 +82,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 
-		if (! user.hasRole(UserSessionService.Role.SPEAKER) || session.isCreator(user)) {
+		if (! user.hasRole(UserSessionService.Role.SPEAKER) && session.isCreator(user)) {
 			throw new ForbiddenException();
 		}
 
@@ -106,7 +106,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 
-		if (! user.hasRole(UserSessionService.Role.SPEAKER) || session.isCreator(user)) {
+		if (! user.hasRole(UserSessionService.Role.SPEAKER) && session.isCreator(user)) {
 			throw new ForbiddenException();
 		}
 
-- 
GitLab