Commit 1694120f authored by Christoph Thelen

Check user before allowing setActive

parent d82dfbec
......@@ -233,6 +233,10 @@ public class SessionService implements ISessionService {
@Override
public Session setActive(String sessionkey, Boolean lock) {
Session session = databaseDao.getSessionFromKeyword(sessionkey);
User user = userService.getCurrentUser();
if (!session.isCreator(user)) {
throw new ForbiddenException();
}
return databaseDao.lockSession(session, lock);
}
......
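Review bot: The new ownership check in setActive dereferences session in session.isCreator(user) without checking that databaseDao.getSessionFromKeyword(sessionkey) returned a session, and passes the result of userService.getCurrentUser() straight through without checking that a user is logged in. If either call can return null, an unknown session key produces a NullPointerException instead of a clean error, and the outcome for an unauthenticated caller depends entirely on how isCreator treats a null user. Consider rejecting a missing session explicitly before the creator check and treating a missing current user as a denied request, so that the check fails closed in both cases. A test that calls setActive as a non-creator and expects ForbiddenException would also pin down the behavior this commit introduces.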