From c435958ea938042843f0aac496b90e51728826a1 Mon Sep 17 00:00:00 2001
From: Adrian-Stefan Mares
Date: Thu, 16 Nov 2023 13:12:13 +0530
Subject: [PATCH] is: Fix universal rights effect on batch gateway rights assertions
---
 pkg/identityserver/rights.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pkg/identityserver/rights.go b/pkg/identityserver/rights.go
index a20ea60f8f5..acb177a8401 100644
--- a/pkg/identityserver/rights.go
+++ b/pkg/identityserver/rights.go
@@ -261,7 +261,7 @@ func (is *IdentityServer) assertGatewayRights( // nolint:gocyclo
 return err
 }
 if len(gtws) != len(gtwIDs) {
- if is.IsAdmin(ctx) {
+ if authInfo.IsAdmin {
 // Return the cause only to the admin.
 // This follows the same logic as in ListRights.
 return errSomeGatewaysNotFound.New()
@@ -322,6 +322,11 @@ func (is *IdentityServer) assertGatewayRights( // nolint:gocyclo
 if len(entityIDs) == 0 {
 return nil
 }
+ if authInfo.IsAdmin {
+ if authInfo.GetUniversalRights().IncludesAll(requiredGatewayRights.GetRights()...) {
+ return nil
+ }
+ }
 membershipChains, err := st.FindAccountMembershipChains(
 ctx,
 ouID,
@@ -332,10 +337,6 @@ func (is *IdentityServer) assertGatewayRights( // nolint:gocyclo
 return err
 }
 if len(membershipChains) != len(entityIDs) {
- // Some memberships were not found.
- if is.IsAdmin(ctx) {
- return errSomeGatewaysNotFound.New()
- }
 return errInsufficientRights.New()
 }
 for _, chain := range membershipChains {
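Review bot: The not-found disclosure at `if authInfo.IsAdmin {` is gated on the admin flag alone, while the short-circuit this commit adds in the second hunk also requires `GetUniversalRights()` to cover the required rights. If an admin credential can carry a restricted set of rights, it can still tell missing gateway IDs apart from ones it lacks rights on. The existing comment says this mirrors ListRights, so it may be intended, but it is worth stating in the comment, e.g. `// Disclosed to any admin credential, regardless of its universal rights.` authInfo is assigned outside this hunk; if it can be nil on this path, `authInfo.GetIsAdmin()` would be the nil-safe form and would match the getter style used further down.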
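Review bot: No test pins the new admin bypass: the early `return nil` skips the membership lookup entirely, yet the diffstat shows only rights.go changed. A test should cover an admin whose universal rights include every required gateway right, which passes without membership. It should also cover an admin whose universal rights do not, which falls through and, after the removal in the third hunk, gets errInsufficientRights rather than errSomeGatewaysNotFound. The two nested conditions can be written as one, `if authInfo.IsAdmin && authInfo.GetUniversalRights().IncludesAll(requiredGatewayRights.GetRights()...) {`, with a comment such as `// Admins skip membership checks only when universal rights cover all required rights.` The body of assertGatewayRights starts and ends outside the hunk.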