fix(InfoSubmission): correct the access control

Signed-off-by: RadovanTomik <[email protected]>

src/main/java/eu/bbmri_eric/negotiator/service/InformationSubmissionServiceImpl.java

@@ -257,18 +257,19 @@ private boolean isAuthorizedToWrite(Long personId, Long resourceId) {
   }
 
   private boolean isAuthorizedToRead(InformationSubmission submission, Long personId) {
-    if (isOnlyForAdmin(submission)) {
-      return false;
+    boolean isRepresentative = isAuthorizedToWrite(personId, submission.getResource().getId());
+    if (isOnlyForAdmin(submission)
+        && (NegotiatorUserDetailsService.isCurrentlyAuthenticatedUserAdmin() || isRepresentative)) {
+      return true;
     }
-    return isAuthorizedToWrite(personId, submission.getResource().getId())
+    return isRepresentative
         || negotiationRepository.existsByIdAndCreatedBy_Id(
             submission.getNegotiation().getId(), personId);
   }
 
-  private static boolean isOnlyForAdmin(InformationSubmission submission) {
-    return Objects.nonNull(submission.getRequirement())
-        && submission.getRequirement().isViewableOnlyByAdmin()
-        && !NegotiatorUserDetailsService.isCurrentlyAuthenticatedUserAdmin();
+  private boolean isOnlyForAdmin(InformationSubmission submission) {
+    return (Objects.nonNull(submission.getRequirement())
+        && submission.getRequirement().isViewableOnlyByAdmin());
   }
 
   private @NonNull InformationSubmission buildSubmissionEntity(