From 8996c1da296e4bbf288a476a2ea9025437999264 Mon Sep 17 00:00:00 2001
From: Linh Nguyen <55907715+batman0911@users.noreply.github.com>
Date: Thu, 20 Mar 2025 16:17:54 +0700
Subject: [PATCH] fix removing member without permission (#16332)

Co-authored-by: crazywoola <427733928@qq.com>
---
 api/services/account_service.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/services/account_service.py b/api/services/account_service.py
index 42d1fba97f..47730298b9 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -785,9 +785,11 @@ class TenantService:
 @staticmethod
 def remove_member_from_tenant(tenant: Tenant, account: Account, operator: Account) -> None:
 """Remove member from tenant"""
- if operator.id == account.id and TenantService.check_member_permission(tenant, operator, account, "remove"):
+ if operator.id == account.id:
 raise CannotOperateSelfError("Cannot operate self.")
 
+ TenantService.check_member_permission(tenant, operator, account, "remove")
+
 ta = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=account.id).first()
 if not ta:
 raise MemberNotInTenantError("Member not in tenant.")
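Review bot: The new standalone call `TenantService.check_member_permission(tenant, operator, account, "remove")` throws away its result, so the authorization fix holds only if that helper signals denial by raising; it is defined outside this hunk, and the removed `and` condition used it as a boolean, so this is worth confirming. I would state the contract at the call site, e.g. `# Raises when operator lacks permission to remove account; no return value is used.`, and extend the docstring of `remove_member_from_tenant` to list the exceptions it can raise. A regression test in which a non-privileged operator tries to remove another member and the `TenantAccountJoin` row is asserted to remain would pin the behaviour this patch restores. The function body continues past the end of the hunk.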