From 404adedcdc4c3e070369652607a636f3e5cdcdb9 Mon Sep 17 00:00:00 2001
From: Joep Meindertsma <joep@ontola.io>
Date: Wed, 26 Oct 2022 15:20:49 +0200
Subject: [PATCH] #521 Give server default agent sudo rights

---
 CHANGELOG.md         | 1 +
 lib/src/hierarchy.rs | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6d4bc3759..2fbbf62d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ Changes to JS assets are not included here, but in [`atomic-data-browser`'s CHAN
 
 - Add parent parameter to search endpoint which scopes a search to only the descendants of the given resource. #226
 - Bookmark endpoint now also retrieves `og:image` and `og:description` #510
+- Give server agent rights to edit all resources, fix issue with accepting invites in private drives #521
 
 ## [v0.33.1] - 2022-09-25
 
diff --git a/lib/src/hierarchy.rs b/lib/src/hierarchy.rs
index 191e3dd27..fe750f62d 100644
--- a/lib/src/hierarchy.rs
+++ b/lib/src/hierarchy.rs
@@ -114,6 +114,11 @@ pub fn check_rights(
     if resource.get_subject() == for_agent {
         return Ok("Agents can always edit themselves or their children.".into());
     }
+    if let Ok(server_agent) = store.get_default_agent() {
+        if server_agent.subject == for_agent {
+            return Ok("Server agent has root access, and can edit anything.".into());
+        }
+    }
 
     // Handle Commits.
     if let Ok(commit_subject) = resource.get(urls::SUBJECT) {