From 3a162e69840c64f9a68222b4eb330270ff11ab20 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Tue, 10 Dec 2013 11:57:47 +0100
Subject: [PATCH] Check for session ownership only to prefent other issues due
 to role ownership bugs

---
 src/main/java/de/thm/arsnova/services/QuestionService.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index 0237d556..2d830ffa 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -82,7 +82,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 
-		if (! user.hasRole(UserSessionService.Role.SPEAKER) && session.isCreator(user)) {
+		if (! session.isCreator(user)) {
 			throw new ForbiddenException();
 		}
 
@@ -106,7 +106,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 
-		if (! user.hasRole(UserSessionService.Role.SPEAKER) && session.isCreator(user)) {
+		if (! session.isCreator(user)) {
 			throw new ForbiddenException();
 		}
 
-- 
GitLab