fixed root perm check for granrable

Signed-off-by: Mikhail Boldyrev <miboldyrev@gmail.com>
hyperledger · Aug 28, 2019 · 355d420 · 355d420
1 parent 94a6fb4
commit 355d420
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/irohad/ametsuchi/impl/postgres_command_executor.cpp b/irohad/ametsuchi/impl/postgres_command_executor.cpp
@@ -323,8 +323,10 @@ namespace {
       const shared_model::interface::types::AccountIdType &account_id) {
     return (boost::format(R"(WITH
           has_role_perm AS (%s),
+          has_root_perm AS (%s),
           has_grantable_perm AS (%s)
           SELECT CASE
+                           WHEN (SELECT * FROM has_root_perm) THEN true
                            WHEN (SELECT * FROM has_grantable_perm) THEN true
                            WHEN (%s = %s) THEN
                                CASE
@@ -334,6 +336,7 @@ namespace {
                            ELSE false END
           )")
             % checkAccountRolePermission(role, creator_id)
+            % checkAccountRolePermission(Role::kRoot, creator_id)
             % checkAccountGrantablePermission(grantable, creator_id, account_id)
             % creator_id % account_id)
         .str();