From 9d60d7f367910fb8ece2c5cdc9ae8b88493bceb2 Mon Sep 17 00:00:00 2001
From: Florian M <florian@scm.io>
Date: Wed, 24 Jul 2024 11:43:06 +0200
Subject: [PATCH] Fix sandbox annotation api route

---
 app/models/annotation/AnnotationRestrictions.scala | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/models/annotation/AnnotationRestrictions.scala b/app/models/annotation/AnnotationRestrictions.scala
index c1cc14c7b57..b77ac468d47 100755
--- a/app/models/annotation/AnnotationRestrictions.scala
+++ b/app/models/annotation/AnnotationRestrictions.scala
@@ -68,13 +68,15 @@ class AnnotationRestrictionDefaults @Inject()(userService: UserService)(implicit
       override def allowUpdate(user: Option[User]): Fox[Boolean] =
         for {
           accessAllowed <- allowAccess(user)
-          annotationOwner <- userService.findOneCached(annotation._user)(GlobalAccessContext)
+          annotationOwnerBox <- userService
+            .findOneCached(annotation._user)(GlobalAccessContext)
+            .futureBox // sandbox annotations have no owner
         } yield
           user.exists { user =>
             (annotation._user == user._id || (accessAllowed && annotation.othersMayEdit)) &&
             !(annotation.state == Finished) &&
             !annotation.isLockedByOwner &&
-            annotationOwner._organization == user._organization
+            annotationOwnerBox.exists(_._organization == user._organization)
           }
 
       override def allowFinish(userOption: Option[User]): Fox[Boolean] =