Admin should not have access if not MFA verified

SUNET · Sep 27, 2023 · 21ed017 · 21ed017
1 parent 8761ff7
commit 21ed017
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/Controller/MfazonesController.php b/lib/Controller/MfazonesController.php
@@ -94,7 +94,7 @@ public function hasAccess($source)
 
             try {
                 $node = $userRoot->get($source);
-                $hasAccess = $isAdmin || ($node->getOwner()->getUID() === $this->userId && $mfaVerified);
+                $hasAccess = ($isAdmin || $node->getOwner()->getUID() === $this->userId) && $mfaVerified;
             } catch (\Exception $e) {
                 \OC::$server->getLogger()->logException($e, ['app' => 'mfazones']);
                 $hasAccess = false;