From 44a7db98037571b97c904982e05410f404e01b76 Mon Sep 17 00:00:00 2001
From: Romain Beuque <romain.beuque@corp.ovh.com>
Date: Fri, 27 Mar 2020 20:15:54 +0100
Subject: [PATCH] fix: resolution: only add resolver as task.resolver_usernames
 if used admin privileges

Signed-off-by: Romain Beuque <romain.beuque@corp.ovh.com>
---
 api/handler/resolution.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/api/handler/resolution.go b/api/handler/resolution.go
index 32163aaf..87ae9e4a 100644
--- a/api/handler/resolution.go
+++ b/api/handler/resolution.go
@@ -57,10 +57,12 @@ func CreateResolution(c *gin.Context, in *createResolutionIn) (*resolution.Resol
 
 	// adding current resolver to task.resolver_usernames, to be able to list resolved tasks
 	// as 'resolvable', if current resolver used admins privileges.
-	t.ResolverUsernames = append(t.ResolverUsernames, resUser)
-	if err := t.Update(dbp, false, false); err != nil {
-		dbp.Rollback()
-		return nil, err
+	if auth.IsAdmin(c) == nil {
+		t.ResolverUsernames = append(t.ResolverUsernames, resUser)
+		if err := t.Update(dbp, false, false); err != nil {
+			dbp.Rollback()
+			return nil, err
+		}
 	}
 
 	r, err := resolution.Create(dbp, t, in.ResolverInputs, resUser, false, nil) // TODO accept delay in handler