FIX: allow creating communication target if editing own profile

src/modules/api/members/member_communication.rs

@@ -164,20 +164,28 @@ pub fn api_communication_targets_delete(
     settings: &State<Settings>,
     target_id: String,
 ) -> Result<(), Json<ApiErrorWrapper>> {
-    let member = parse_member_cookie(cookie.member)?;
+    let caller = parse_member_cookie(cookie.member)?;
     let target_id = parse_uuid_string(target_id)?;
 
-    let target = match get_communication_target(settings, target_id){
+    let target = match get_communication_target(settings, target_id) {
         Ok(target) => target,
         Err(e) => {
             return Err(translate_diesel(e))
         }
     };
 
-    let groups = get_groups_for_member(settings, target.entity_id).unwrap().into_iter().map(|m|crate::modules::member_management::model::groups::Group::from(m)).collect();
+    let groups = get_groups_for_member(settings, target.entity_id).unwrap().into_iter().map(|m| crate::modules::member_management::model::groups::Group::from(m)).collect();
 
-    if !check_access_to_member_or_group(settings, target.entity_id, groups, member.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()){
-        return Err(Json(ApiError::new(401, "Keine Berechtigung Kommunikationseintrag zu löschen!".to_string()).to_wrapper()))
+    if target.entity_id != caller.entity_id { //if Member edits own communication target, do not check permissions
+        if !check_access_to_member_or_group(settings, target.entity_id, groups, caller.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()) {
+            return Err(Json(
+                ApiError::new(
+                    403,
+                    "Keine Berechtigung, Kommunikationsziel zu entfernen!".to_string(),
+                )
+                    .to_wrapper(),
+            ));
+        }
     }
 
     match remove_communication_target(settings, target_id) {