From 064a28c32533a0f2eae17853c9cc2d3a4737ed6e Mon Sep 17 00:00:00 2001
From: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:35:25 -0500
Subject: [PATCH] fix: add permission check for collection management api, refs AC-1647 (#3252)
---
 src/Api/Controllers/OrganizationsController.cs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index 3ef36330a9..6fb1d6efe9 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -773,6 +773,11 @@ public class OrganizationsController : Controller
 throw new NotFoundException();
 }
 
+ if (!await _currentContext.OrganizationOwner(id))
+ {
+ throw new NotFoundException();
+ }
+
 await _organizationService.UpdateAsync(model.ToOrganization(organization));
 return new OrganizationResponseModel(organization);
 }
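Review bot: The added owner check `if (!await _currentContext.OrganizationOwner(id))` ships without a regression test (the diffstat lists only the controller), and it lives inline in the action body, which is the kind of check that is easy to drop in a later refactor. A controller test asserting that a non-owner gets `NotFoundException` and that `_organizationService.UpdateAsync` is never called would pin the behaviour. The check also sits after the existing not-found branch, so the organization has presumably already been loaded by the time authorization is evaluated. Since both branches throw the same exception, it could move ahead of that lookup without changing what a caller observes. A short comment such as `// Owners only; NotFound rather than a forbidden response so callers cannot confirm the organization exists` would record the intent, if that is indeed the reason; the method's signature and the lookup are outside the hunk.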