fix: check edited member, not editor, for org owner permission guard (#6024)

fix: check edited member, not editor, for org owner permission guard (#1400)
2026-05-07 16:59:05 +02:00
parent 871672d8bf
commit 22415a4cc6
1 changed files with 13 additions and 1 deletions
--- a/apps/labrinth/src/routes/v3/teams.rs
+++ b/apps/labrinth/src/routes/v3/teams.rs
@@ -760,7 +760,19 @@ pub async fn edit_team_member(
                    None
                };

-            if organization_team_member
+            let edited_member_organization_team_member =
+                if let Some(organization) = &organization {
+                    DBTeamMember::get_from_user_id(
+                        organization.team_id,
+                        user_id,
+                        &**pool,
+                    )
+                    .await?
+                } else {
+                    None
+                };
+
+            if edited_member_organization_team_member
                .as_ref()
                .is_some_and(|x| x.is_owner)
                && edit_member