[backend] Fix organization admin user can't edit user account status

(#8011)
OpenCTI-Platform · Aug 16, 2024 · 5b1e609 · 5b1e609
1 parent 078052e
commit 5b1e609
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/opencti-platform/opencti-graphql/src/domain/user.js b/opencti-platform/opencti-graphql/src/domain/user.js
@@ -665,7 +665,7 @@ export const userEditField = async (context, user, userId, rawInputs) => {
   // Check in an organization admin edits a user that's not in its administrated organizations
   const myAdministratedOrganizationsIds = user.administrated_organizations.map((orga) => orga.id);
   if (!isUserHasCapability(user, SETTINGS_SET_ACCESSES) && isUserHasCapability(user, VIRTUAL_ORGANIZATION_ADMIN)) {
-    if (!userToUpdate.objectOrganization.find((orga) => myAdministratedOrganizationsIds.includes(orga))) {
+    if (!userToUpdate['rel_granted.internal_id'].find((orga) => myAdministratedOrganizationsIds.includes(orga))) {
       throw ForbiddenAccess();
     }
   }