diff --git a/src/Turnierplan.App/Endpoints/Tournaments/CreateTournamentEndpoint.cs b/src/Turnierplan.App/Endpoints/Tournaments/CreateTournamentEndpoint.cs
index 4d35e94a..afc3ec43 100644
--- a/src/Turnierplan.App/Endpoints/Tournaments/CreateTournamentEndpoint.cs
+++ b/src/Turnierplan.App/Endpoints/Tournaments/CreateTournamentEndpoint.cs
@@ -56,6 +56,10 @@ private static async Task Handle(
 {
 return Results.NotFound("The specified folder does not exist.");
 }
+
+ // No authorization check is necessary on the scope of the folder! This is because above, we ensure that
+ // the user has at least 'GenericWrite' permission on the organization. If he does, this permission is
+ // always passed onto the folder anyway.
 }
 else if (request.FolderName is not null)
 {
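Review bot: The comment added before the closing brace of the folder-id branch justifies skipping a folder-level authorization check, but it leaves out the condition that makes this safe: the folder must belong to the organization whose 'GenericWrite' permission was checked above. The folder lookup lies outside this hunk, so I cannot confirm it is scoped to that organization; if it resolves folders by id alone, the organization check would not cover a folder owned by a different organization. I would state the invariant explicitly, for example `// This relies on the folder being looked up only among the folders of the organization checked above.`, and ideally back it with a test that a folder id from another organization yields the NotFound result. The comment also assumes folder permissions can never be narrower than the organization's, which is worth re-checking if folder-level roles are ever made restrictive. As a wording point, "If he does" reads better as "If they do".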