From 7e86273e91ffd33ab4f8ceed0e1a28bb2c693d62 Mon Sep 17 00:00:00 2001
From: Quentin RIBAC <quentin.ribac@xelians.fr>
Date: Tue, 29 Mar 2022 18:02:42 +0200
Subject: [PATCH] FEAT #17436 TIME 0:15 prioritize group managers over user
 managers

---
 src/app/group/controllers/PrivilegeController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/app/group/controllers/PrivilegeController.php b/src/app/group/controllers/PrivilegeController.php
index de5329596e..bc6f0bc9c2 100755
--- a/src/app/group/controllers/PrivilegeController.php
+++ b/src/app/group/controllers/PrivilegeController.php
@@ -90,10 +90,10 @@ class PrivilegeController
             if (empty($args['readOnly']) && !isset($args['parameters']['authorized'])) {
                 return false;
             }
-            if (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
-                return false;
-            } elseif (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
+            if (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
                 return true;
+            } elseif (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
+                return false;
             } else {
                 $candidateGroups = $args['parameters']['authorized'] ?? [];
                 $manageableGroups = array_column(UserController::getManageableGroups(['userId' => $args['userId']]), 'id');
-- 
GitLab