diff --git a/src/Umbraco.Web/Editors/UserGroupsController.cs b/src/Umbraco.Web/Editors/UserGroupsController.cs index 7d08560b6f..e6c6761ef4 100644 --- a/src/Umbraco.Web/Editors/UserGroupsController.cs +++ b/src/Umbraco.Web/Editors/UserGroupsController.cs @@ -51,13 +51,8 @@ namespace Umbraco.Web.Editors if (isAuthorized == false) throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized, isAuthorized.Result)); - //current user needs to be added to a new group if not an admin (possibly only if no other users are added?) to avoid a 401 - if(!Security.CurrentUser.IsAdmin() && (userGroupSave.Id == null || Convert.ToInt32(userGroupSave.Id) >= 0)/* && !userGroupSave.Users.Any() */) - { - var userIds = userGroupSave.Users.ToList(); - userIds.Add(Security.CurrentUser.Id); - userGroupSave.Users = userIds; - } + //need to ensure current user is in a group if not an admin to avoid a 401 + EnsureNonAdminUserIsInSavedUserGroup(userGroupSave); //save the group Services.UserService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users.ToArray()); @@ -88,6 +83,23 @@ namespace Umbraco.Web.Editors return display; } + private void EnsureNonAdminUserIsInSavedUserGroup(UserGroupSave userGroupSave) + { + if (Security.CurrentUser.IsAdmin()) + { + return; + } + + var userIds = userGroupSave.Users.ToList(); + if (userIds.Contains(Security.CurrentUser.Id)) + { + return; + } + + userIds.Add(Security.CurrentUser.Id); + userGroupSave.Users = userIds; + } + /// /// Returns the scaffold for creating a new user group ///