From 541272eb99cd6049484f37de49658d7e6657a652 Mon Sep 17 00:00:00 2001
From: Kevin Hu <kevinhu.sh@gmail.com>
Date: Wed, 20 Nov 2024 17:57:45 +0800
Subject: [PATCH] Fix: authorization issue (#3530)

### What problem does this PR solve?


### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
---
 api/apps/tenant_app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/apps/tenant_app.py b/api/apps/tenant_app.py
index 7612fafc8..03ce97f88 100644
--- a/api/apps/tenant_app.py
+++ b/api/apps/tenant_app.py
@@ -83,7 +83,7 @@ def create(tenant_id):
 @manager.route('/<tenant_id>/user/<user_id>', methods=['DELETE'])
 @login_required
 def rm(tenant_id, user_id):
-    if current_user.id != tenant_id:
+    if current_user.id != tenant_id and current_user.id != user_id:
         return get_json_result(
             data=False,
             message='No authorization.',