Merge pull request #4500 from Countly/rights

[SER-823] [core] Fix permission check
Countly · Sep 6, 2023 · 53b5afc · 53b5afc
2 parents 9dd5a5e + 6f2f619
commit 53b5afc
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/api/utils/rights.js b/api/utils/rights.js
@@ -346,10 +346,12 @@ exports.validateAppAdmin = function(params, callback, callbackParam) {
                     return false;
                 }
 
-                if (!member.global_admin && member.permission._.a.indexOf(params.qstring.app_id) === -1) {
-                    common.returnMessage(params, 401, 'User does not have right');
-                    reject('User does not have right');
-                    return false;
+                if (!member.global_admin) {
+                    if (!member.permission || member.permission._.a.indexOf(params.qstring.app_id) === -1) {
+                        common.returnMessage(params, 401, 'User does not have right');
+                        reject('User does not have right');
+                        return false;
+                    }
                 }
 
                 if (member && member.locked) {