users with role 'admin' are allowed to delete centers from other users

corona-warn-app · Sep 15, 2021 · f2aea68 · f2aea68
1 parent 6914331
commit f2aea68
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/api/centers.go b/src/api/centers.go
@@ -288,7 +288,7 @@ func (c *Centers) DeleteCenter(_ http.ResponseWriter, r *http.Request) (interfac
 		return nil, err
 	}
 
-	if center.OperatorUUID != operator.UUID {
+	if center.OperatorUUID != operator.UUID && !security.HasRole(r.Context(), security.RoleAdmin) {
 		return nil, security.ErrForbidden
 	}