diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
index d02c977..50bcc6f 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
@@ -577,7 +577,7 @@ public class UserService {
 var currentRoles = getRoles(currentUserResource.toRepresentation().getId());
 var userRoles = getRoles(targetUserId);
- if (currentRoles.stream()
+ if (userRoles.stream()
 .anyMatch(ApplicationRoles::isKneconRole)) {
 return ValidationStatus.INVALID;
 }
diff --git a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
index 8c3113e..7030575 100644
--- a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
+++ b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
@@ -462,9 +462,9 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
 e = assertThrows(FeignException.class, () -> userClient.updateProfile(user.getUserId(), new UpdateProfileRequest()));
 assertEquals(404, e.status());
- // or reset password as it is forbidden (higher rights)
+ // or reset password
 e = assertThrows(FeignException.class, () -> userClient.resetPassword(user.getUserId(), new ResetPasswordRequest()));
- assertEquals(403, e.status());
+ assertEquals(404, e.status());
 // now as a knecon admin again
 tokenService.setUser("admin@knecon.com", "secret");
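Review bot: In UserService.java the check at `if (userRoles.stream()` now returns `ValidationStatus.INVALID` for every target that holds a Knecon role, whatever the caller's roles are, and nothing in the hunk says whether that is meant to apply to Knecon callers too. If Knecon admins are supposed to manage Knecon accounts, the condition needs the caller side as well, e.g. `if (userRoles.stream().anyMatch(ApplicationRoles::isKneconRole) && currentRoles.stream().noneMatch(ApplicationRoles::isKneconRole))`. If not, a comment such as `// a target holding a Knecon role is never valid here, regardless of the caller's roles` would pin the rule down. `currentRoles` is still fetched two lines above; if nothing after the hunk reads it, that lookup can be removed. The enclosing method starts and ends outside the hunk, so an earlier guard on the caller may already exist.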
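Review bot: In UserTest.java the replacement comment `// or reset password` no longer says why the call fails, while the expected status moves from 403 to 404. A comment such as `// or reset password: the target is reported as not found (404) rather than forbidden, so the caller learns nothing about the account` would record the intent, assuming `user` is the Knecon account at this point, which the hunk does not show. The removed condition in UserService appears to have rejected Knecon callers rather than Knecon targets. If the test has no case where a Knecon caller successfully resets a non-Knecon user's password, that path is worth asserting as a regression check. The test method starts and ends outside the hunk.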