From e875a54d7b6c9dafefe5649e0a7beb96f89aa127 Mon Sep 17 00:00:00 2001
From: Maxim Leshchenko
Date: Tue, 9 Nov 2021 14:37:30 +0200
Subject: [PATCH] Prevent everyone from changing the comment of the group owner

The vulnerability was there even before my commits, but I did not notice it :3
---
 Web/Presenters/GroupPresenter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Web/Presenters/GroupPresenter.php b/Web/Presenters/GroupPresenter.php
index dfddf4ec..16fd6381 100644
--- a/Web/Presenters/GroupPresenter.php
+++ b/Web/Presenters/GroupPresenter.php
@@ -124,7 +124,7 @@ final class GroupPresenter extends OpenVKPresenter
  if(!$user || !$club)
  $this->notFound();
- if(!$club->canBeModifiedBy($this->user->identity ?? NULL) && $club->getOwner()->getId() !== $user->getId())
+ if(!$club->canBeModifiedBy($this->user->identity ?? NULL))
  $this->flashFail("err", "Ошибка доступа", "У вас недостаточно прав, чтобы изменять этот ресурс.");
  if(!is_null($hidden)) {
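Review bot: The check on the `+` line now depends only on the caller and never on `$user`, so anyone `canBeModifiedBy()` accepts can edit every manager entry, including the owner's. If that method also returns true for ordinary group admins (its body is not in this diff), confirm that this is intended or add a separate owner-only condition for the owner's entry. The guard also relies on `flashFail()` ending the request, since nothing returns before the `if(!is_null($hidden))` block that follows; a regression test in which a user without modify rights targets the owner's entry and is rejected would pin both assumptions. I would add a comment above the check so the removed clause is not reintroduced: `// Deny unless the caller may modify the club; never relax this based on the target user (the old "target is the owner" exemption let any caller through).` The enclosing method starts and ends outside the hunk.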