From 5e6014496da501bc9d7e9e1eb1eb56474daaa12c Mon Sep 17 00:00:00 2001
From: Cookiezaurs <>
Date: Mon, 5 Jan 2026 17:28:34 +0200
Subject: [PATCH 1/2] [SER-2766] Cought issue on preset editing. Fixes issue in rights.js in exports.hasAdminAccess function to do not assume admin rights if no specific permission defined for user.
---
 api/utils/rights.js | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/api/utils/rights.js b/api/utils/rights.js
index 5d431752865..203658d0782 100644
--- a/api/utils/rights.js
+++ b/api/utils/rights.js
@@ -1155,15 +1155,25 @@ exports.hasAdminAccess = function(member, app_id, type) {
 return true;
 }
 
- var isAdmin = true;
+ var isAdmin = false;
 // check users who has permission property
 if (hasPermissionObject) {
 var types = type ? [type] : ["c", "r", "u", "d"];
+ var passesAllRules = true;
 for (var i = 0; i < types.length; i++) {
- if (member.permission[types[i]] && member.permission[types[i]][app_id] && !member.permission[types[i]][app_id].all) {
- isAdmin = false;
+ if (member.permission[types[i]] && member.permission[types[i]][app_id]) {
+ if(!member.permission[types[i]][app_id].all) {
+ passesAllRules = false;
+ }
+ }
+ else {
+ passesAllRules = false;
 }
 }
+ if (passesAllRules) {
+ isAdmin = true;
+ }
+
 }
 // check legacy users who has admin_of property
 // users should have at least one app in admin_of array
From 3341f8ba19a692bf38f32b7e0430311b59fb66fe Mon Sep 17 00:00:00 2001
From: Cookiezaurs <>
Date: Mon, 5 Jan 2026 19:10:48 +0200
Subject: [PATCH 2/2] linting
---
 api/utils/rights.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/utils/rights.js b/api/utils/rights.js
index 203658d0782..70a68d19b2a 100644
--- a/api/utils/rights.js
+++ b/api/utils/rights.js
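Review bot: With `isAdmin` now starting at `false` in the first hunk, the legacy `admin_of` check announced by the two trailing comments becomes the only grant path for members without a permission object, and its code lies outside the hunk; it should be confirmed that it sets `isAdmin = true` explicitly rather than relying on the old default, and that it is an `else` branch so a stale `admin_of` entry cannot override a permission object that lacks `all`. Inside the loop the nested `if`/`else` can collapse into one guard, `var rule = member.permission[types[i]] && member.permission[types[i]][app_id];` followed by `if (!rule || !rule.all) { passesAllRules = false; break; }`, which also stops at the first failing type. A comment above the loop such as `// deny by default: every requested type needs an explicit "all" grant for this app` and a regression test for a member with no entry for `app_id` would keep the fail-closed intent from being reverted later. The function body starts before and continues after this hunk.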
@@ -1162,8 +1162,8 @@ exports.hasAdminAccess = function(member, app_id, type) {
 var passesAllRules = true;
 for (var i = 0; i < types.length; i++) {
 if (member.permission[types[i]] && member.permission[types[i]][app_id]) {
- if(!member.permission[types[i]][app_id].all) {
- passesAllRules = false;
+ if (!member.permission[types[i]][app_id].all) {
+ passesAllRules = false;
 }
 }
 else {