From d632f87927731af469da24e55c530751881d6b29 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Sat, 16 Sep 2017 11:47:52 +0200
Subject: [PATCH] Fix permission condition

---
 Controller.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Controller.php b/Controller.php
index 2097355..2b9ed5d 100644
--- a/Controller.php
+++ b/Controller.php
@@ -154,8 +154,8 @@ class Controller extends ModuleAbstract implements WebInterface
         $draw      = DrawImageMapper::get($request->getData('id'));
         $accountId = $request->getHeader()->getAccount();
 
-        if (!$draw->getCreatedBy()->getId() === $accountId
-            || !$this->app->accountManager->get($accountId)->hasPermission(
+        if ($draw->getCreatedBy()->getId() !== $accountId
+            && !$this->app->accountManager->get($accountId)->hasPermission(
                 PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DRAW, $draw->getId())
         ) {
             $view->setTemplate('/Web/Backend/Error/403_inline');