From b0163e9eaefcfd1d13b375b427cc20ec58fb447f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 8 Jul 2020 12:26:46 +0200 Subject: [PATCH] Fix project creation by non-admin users --- src/lib/Hydra/Controller/Project.pm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/Hydra/Controller/Project.pm b/src/lib/Hydra/Controller/Project.pm index c74e9073..f60bb494 100644 --- a/src/lib/Hydra/Controller/Project.pm +++ b/src/lib/Hydra/Controller/Project.pm @@ -12,12 +12,14 @@ sub projectChain :Chained('/') :PathPart('project') :CaptureArgs(1) { my ($self, $c, $projectName) = @_; $c->stash->{params}->{name} //= $projectName; + my $isCreate = $c->action->name eq "project" && $c->request->method eq "PUT"; + $c->stash->{project} = $c->model('DB::Projects')->find($projectName); - $c->stash->{isProjectOwner} = isProjectOwner($c, $c->stash->{project}); + $c->stash->{isProjectOwner} = !$isCreate && isProjectOwner($c, $c->stash->{project}); notFound($c, "Project ‘$projectName’ doesn't exist.") - if !$c->stash->{project} && !($c->action->name eq "project" and $c->request->method eq "PUT"); + if !$c->stash->{project} && !$isCreate; }