From 4cfeef1b583076ed370c876930a21d07bde33c9c Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Thu, 20 Jul 2017 13:38:58 +0200
Subject: [PATCH] when user can manage projects he is able to see comments of
 any project

---
 .../main/java/lcsb/mapviewer/services/impl/CommentService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/CommentService.java b/service/src/main/java/lcsb/mapviewer/services/impl/CommentService.java
index c822b34c45..46de1b259c 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/CommentService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/CommentService.java
@@ -409,7 +409,8 @@ public class CommentService implements ICommentService {
 	public List<Comment> getCommentsByProject(Project project, AuthenticationToken token) throws UserAccessException {
 		boolean editComments = userService.userHasPrivilege(token, PrivilegeType.EDIT_COMMENTS_PROJECT, project);
 		boolean viewProject = userService.userHasPrivilege(token, PrivilegeType.VIEW_PROJECT, project);
-		if (!editComments && !viewProject) {
+		boolean manageProjects = userService.userHasPrivilege(token, PrivilegeType.PROJECT_MANAGEMENT);
+		if (!editComments && !viewProject && !manageProjects) {
 			throw new UserAccessException("You have no privileges to see comments for given project");
 		}
 		List<Comment> comments = new ArrayList<>();
-- 
GitLab