mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 17:56:30 -05:00
Fix locked or private permission should block any operation if owner is null
This commit is contained in:
parent
a1198339db
commit
03e68f92eb
2 changed files with 4 additions and 4 deletions
|
@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) {
|
|||
break;
|
||||
case "locked": case "private":
|
||||
//only owner can change
|
||||
if (note.owner != socket.request.user.id)
|
||||
if (!note.owner || note.owner != socket.request.user.id)
|
||||
mayEdit = false;
|
||||
break;
|
||||
}
|
||||
|
@ -641,7 +641,7 @@ function connection(socket) {
|
|||
if (!noteId || !notes[noteId]) return;
|
||||
var note = notes[noteId];
|
||||
//Only owner can change permission
|
||||
if (note.owner == socket.request.user.id) {
|
||||
if (note.owner && note.owner == socket.request.user.id) {
|
||||
note.permission = permission;
|
||||
models.Note.update({
|
||||
permission: permission
|
||||
|
|
|
@ -1907,7 +1907,7 @@ function updatePermission(newPermission) {
|
|||
title = "Only owner can view & edit";
|
||||
break;
|
||||
}
|
||||
if (personalInfo.userid && personalInfo.userid == owner) {
|
||||
if (personalInfo.userid && owner && personalInfo.userid == owner) {
|
||||
label += ' <i class="fa fa-caret-down"></i>';
|
||||
ui.infobar.permission.label.removeClass('disabled');
|
||||
} else {
|
||||
|
@ -1931,7 +1931,7 @@ function havePermission() {
|
|||
break;
|
||||
case "locked":
|
||||
case "private":
|
||||
if (personalInfo.userid != owner) {
|
||||
if (!owner || personalInfo.userid != owner) {
|
||||
bool = false;
|
||||
} else {
|
||||
bool = true;
|
||||
|
|
Loading…
Reference in a new issue