Any user can remove self from cache

2023-01-26 10:31:46 +01:00 · 2023-01-26 10:31:46 +01:00 · 180e043e65
parent 4e015d5a44
commit 180e043e65
1 changed files with 2 additions and 1 deletions
--- a/src/main/java/org/gcube/gcat/rest/administration/User.java
+++ b/src/main/java/org/gcube/gcat/rest/administration/User.java
@ -158,7 +158,8 @@ public class User extends REST<CKANUser> implements org.gcube.gcat.api.interface
 	public Response removeUserFromCache(@PathParam(GCUBE_USERNAME_PARAMETER) String username) {
 		SecretManager secretManager = SecretManagerProvider.instance.get();
 		org.gcube.common.authorization.utils.user.User user = secretManager.getUser();
-		if(user.getRoles().contains(Role.MANAGER.getPortalRole())) {
+		if(user.getRoles().contains(Role.MANAGER.getPortalRole()) || user.getUsername().compareToIgnoreCase(username)==0) {
 			// Any user can remove self from cache
 			CKANUserCache.removeUserFromCache(username);
 		}else {
 			throw new ForbiddenException("Only " + Role.MANAGER.getPortalRole() + "s are authorized to remove an user from the cache");