From ed8d98a40b9b5db8b2f3aad4e1e60557d13d4b3c Mon Sep 17 00:00:00 2001
From: anhefti <andreas.hefti@let.ethz.ch>
Date: Tue, 20 Apr 2021 16:18:21 +0200
Subject: [PATCH] fixed privilege check on createNew

---
 .../sebserver/webservice/weblayer/api/EntityController.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/EntityController.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/EntityController.java
index 9b71b9bb..62dbd4ed 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/EntityController.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/EntityController.java
@@ -284,8 +284,8 @@ public abstract class EntityController<T extends Entity, M extends Entity> {
                     defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
             final HttpServletRequest request) {
 
-        // check modify privilege for requested institution and concrete entityType
-        this.checkModifyPrivilege(institutionId);
+        // check write privilege for requested institution and concrete entityType
+        this.checkWritePrivilege(institutionId);
 
         final POSTMapper postMap = new POSTMapper(allRequestParams, request.getQueryString())
                 .putIfAbsent(API.PARAM_INSTITUTION_ID, String.valueOf(institutionId));