From 37462f8c66f67f0f5dfeb136a2223e1947dc518f Mon Sep 17 00:00:00 2001
From: Murat Merdoglu
Date: Wed, 15 Oct 2025 17:03:00 +0200
Subject: [PATCH 1/3] add an additional check if the user has permission to remove member
---
 src/modules/data/room/roomMembers/RoomMembers.store.ts | 1 +
 .../room/manageRoom/tables/RoomAdminMembersTable.vue | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/modules/data/room/roomMembers/RoomMembers.store.ts b/src/modules/data/room/roomMembers/RoomMembers.store.ts
index 835868998a..a14cfc3ac5 100644
--- a/src/modules/data/room/roomMembers/RoomMembers.store.ts
+++ b/src/modules/data/room/roomMembers/RoomMembers.store.ts
@@ -389,6 +389,7 @@ export const useRoomMembersStore = defineStore("roomMembersStore", () => {
 addMembers,
 isRoomOwner,
 changeRoomOwner,
+ currentUserId,
 confirmInvitations,
 fetchMembers,
 resetPotentialMembers,
diff --git a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
index 357415aee4..75518bef51 100644
--- a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
+++ b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
@@ -78,7 +78,7 @@ withDefaults(defineProps(), {
 const { t } = useI18n();
 const roomMembersStore = useRoomMembersStore();
-const { roomMembersWithoutApplicants, roomMembersForAdmins, selectedIds, baseTableHeaders } =
+const { currentUserId, roomMembersWithoutApplicants, roomMembersForAdmins, selectedIds, baseTableHeaders } =
 storeToRefs(roomMembersStore);
 const { isRoomOwner, removeMembers, fetchMembers } = roomMembersStore;
 const { askConfirmation } = useConfirmationDialog();
@@ -163,6 +163,11 @@ const canRemoveMember = (item: RoomMember | string[]) => {
 const members = membersByIds(item);
 return members.every(canRemoveMember);
 }
+
+ if (currentUserId.value && isRoomOwner(currentUserId.value)) {
+ return !isRoomOwner(item.userId);
+ }
+
 return !isRoomOwner(item.userId) && belongsToOwnSchool(item.userId);
 };
From de445f8b8734e7e5add11af305d2bc23decedd56 Mon Sep 17 00:00:00 2001
From: Murat Merdoglu
Date: Thu, 16 Oct 2025 08:41:05 +0200
Subject: [PATCH 2/3] create seperate method for code readability
---
 .../room/manageRoom/tables/RoomAdminMembersTable.vue | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
index 75518bef51..310c9a53fb 100644
--- a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
+++ b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
@@ -158,14 +158,18 @@ const canChangeRole = (item: RoomMember | string[]) => {
 return isOwnSchool.value && !checkIsStudent(item) && !isRoomOwner(item.userId) && belongsToOwnSchool(item.userId);
 };
+// If the current user (as an admin) is the room owner, they can remove any member except themselves and other room owners
+const canRoomOwnerAsAdminRemoveMember = (item: RoomMember) =>
+ currentUserId.value && isRoomOwner(currentUserId.value) && !isRoomOwner(item.userId);
+
 const canRemoveMember = (item: RoomMember | string[]) => {
 if (Array.isArray(item)) {
 const members = membersByIds(item);
 return members.every(canRemoveMember);
 }
- if (currentUserId.value && isRoomOwner(currentUserId.value)) {
- return !isRoomOwner(item.userId);
+ if (canRoomOwnerAsAdminRemoveMember(item)) {
+ return true;
 }
 return !isRoomOwner(item.userId) && belongsToOwnSchool(item.userId);
From 1cf1869ca3c211e81d2719c0e991c13c8c12f0c1 Mon Sep 17 00:00:00 2001
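Review bot: In `canRemoveMember` (patch 1/3, hunk at -163) the new room-owner branch returns before `belongsToOwnSchool(item.userId)` is consulted, so an admin who owns the room is now offered the remove control for members of other schools as well. This predicate only decides what the table renders and is not an authorization boundary; whether the endpoint behind `removeMembers` applies the same owner rule is not visible in this diff and should be confirmed before the wider UI ships. I would record the intent at the branch with `// Room owners may remove members of any school; the API must enforce the same rule.` The same concern applies to the early `return true` added to `canChangeRole` in patch 3/3, which skips both `isOwnSchool.value` and `belongsToOwnSchool`. The function starts above this hunk.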
From: Murat Merdoglu
Date: Thu, 16 Oct 2025 13:16:47 +0200
Subject: [PATCH 3/3] add logic in changeRole method
---
 .../tables/RoomAdminMembersTable.vue | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
index 310c9a53fb..da35a3b1b7 100644
--- a/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
+++ b/src/modules/feature/room/manageRoom/tables/RoomAdminMembersTable.vue
@@ -150,18 +150,33 @@ const belongsToOwnSchool = (userId: string) => {
 const membersByIds = (ids: string[]) =>
 roomMembersWithoutApplicants.value.filter((member) => ids.includes(member.userId));
+// If the current user (as an admin) is the room owner, they can change the role of any member except themselves, other room owners, and students
+const canRoomOwnerAsAdminChangeRole = (item: RoomMember) => {
+ if (!currentUserId.value) return false;
+
+ return isRoomOwner(currentUserId?.value) && !isRoomOwner(item.userId) && !checkIsStudent(item);
+};
+
+// If the current user (as an admin) is the room owner, they can remove any member except themselves and other room owners
+const canRoomOwnerAsAdminRemoveMember = (item: RoomMember) => {
+ if (!currentUserId.value) return false;
+
+ return isRoomOwner(currentUserId.value) && !isRoomOwner(item.userId);
+};
+
 const canChangeRole = (item: RoomMember | string[]) => {
 if (Array.isArray(item)) {
 const members = membersByIds(item);
 return members.every(canChangeRole);
 }
+
+ if (canRoomOwnerAsAdminChangeRole(item)) {
+ return true;
+ }
+
 return isOwnSchool.value && !checkIsStudent(item) && !isRoomOwner(item.userId) && belongsToOwnSchool(item.userId);
 };
-// If the current user (as an admin) is the room owner, they can remove any member except themselves and other room owners
-const canRoomOwnerAsAdminRemoveMember = (item: RoomMember) =>
- currentUserId.value && isRoomOwner(currentUserId.value) && !isRoomOwner(item.userId);
-
 const canRemoveMember = (item: RoomMember | string[]) => {
 if (Array.isArray(item)) {
 const members = membersByIds(item);
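Review bot: `canRoomOwnerAsAdminChangeRole` calls `isRoomOwner(currentUserId?.value)` right after a guard that reads `currentUserId.value` unconditionally, while the sibling `canRoomOwnerAsAdminRemoveMember` uses `currentUserId.value`; the optional chaining on the ref is redundant and makes the two permission helpers read differently. I would write `return isRoomOwner(currentUserId.value) && !isRoomOwner(item.userId) && !checkIsStudent(item);`. Both comments also promise "except themselves", but that exclusion is only implicit (the current user is an owner, so `!isRoomOwner(item.userId)` covers it); a short remark such as `// self is excluded because the current user is a room owner` would keep a later edit from dropping it unnoticed. `canRemoveMember` at the end of the hunk continues below it.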