From 826f94d5071632d65b81f6c9e88d66d53ee1012a Mon Sep 17 00:00:00 2001
From: brindosch
Date: Fri, 30 Aug 2019 20:41:33 +0200
Subject: [PATCH] Fix: prevent downgrade of authorization
---
 libsrc/api/JsonAPI.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libsrc/api/JsonAPI.cpp b/libsrc/api/JsonAPI.cpp
index af364dc2..30cdf084 100644
--- a/libsrc/api/JsonAPI.cpp
+++ b/libsrc/api/JsonAPI.cpp
@@ -71,11 +71,12 @@ void JsonAPI::initialize(void)
 _authorized = !_authManager->isLocalAuthRequired();

 // admin access is allowed, when the connection is local and the option for local admin isn't set. Con: All local connections get full access
- // authorization is also granted for api based on admin result. Pro: Admin should have full access.
 if(_localConnection)
 {
 _userAuthorized = !_authManager->isLocalAdminAuthRequired();
- _authorized = _userAuthorized;
+ // just in positive direction
+ if(_userAuthorized)
+ _authorized = true;
 }

 // setup auth interface
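Review bot: The new comment `// just in positive direction` does not say what is being protected, and the commit removes the only line that explained why admin access also grants API access. Inside the `if(_localConnection)` block I would replace it with something like `// local admin access implies API access; never revoke an _authorized that was already granted above`. With this logic a local connection is still API-authorized whenever local admin auth is not required, even if `isLocalAuthRequired()` returns true, so the admin setting effectively overrides the API one; if that is intended, the comment should say so, and a test over the four combinations of the two settings would pin it. How `_localConnection` is derived is not visible here (the body of `JsonAPI::initialize` starts and ends outside the hunk), so setups where remote clients arrive through a same-host proxy presumably need both local-auth options enabled.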