mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-26 11:43:59 -05:00
Fix locked or private permission should block any operation if owner is null
This commit is contained in:
parent
a1198339db
commit
03e68f92eb
2 changed files with 4 additions and 4 deletions
|
@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) {
|
||||||
break;
|
break;
|
||||||
case "locked": case "private":
|
case "locked": case "private":
|
||||||
//only owner can change
|
//only owner can change
|
||||||
if (note.owner != socket.request.user.id)
|
if (!note.owner || note.owner != socket.request.user.id)
|
||||||
mayEdit = false;
|
mayEdit = false;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -641,7 +641,7 @@ function connection(socket) {
|
||||||
if (!noteId || !notes[noteId]) return;
|
if (!noteId || !notes[noteId]) return;
|
||||||
var note = notes[noteId];
|
var note = notes[noteId];
|
||||||
//Only owner can change permission
|
//Only owner can change permission
|
||||||
if (note.owner == socket.request.user.id) {
|
if (note.owner && note.owner == socket.request.user.id) {
|
||||||
note.permission = permission;
|
note.permission = permission;
|
||||||
models.Note.update({
|
models.Note.update({
|
||||||
permission: permission
|
permission: permission
|
||||||
|
|
|
@ -1907,7 +1907,7 @@ function updatePermission(newPermission) {
|
||||||
title = "Only owner can view & edit";
|
title = "Only owner can view & edit";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (personalInfo.userid && personalInfo.userid == owner) {
|
if (personalInfo.userid && owner && personalInfo.userid == owner) {
|
||||||
label += ' <i class="fa fa-caret-down"></i>';
|
label += ' <i class="fa fa-caret-down"></i>';
|
||||||
ui.infobar.permission.label.removeClass('disabled');
|
ui.infobar.permission.label.removeClass('disabled');
|
||||||
} else {
|
} else {
|
||||||
|
@ -1931,7 +1931,7 @@ function havePermission() {
|
||||||
break;
|
break;
|
||||||
case "locked":
|
case "locked":
|
||||||
case "private":
|
case "private":
|
||||||
if (personalInfo.userid != owner) {
|
if (!owner || personalInfo.userid != owner) {
|
||||||
bool = false;
|
bool = false;
|
||||||
} else {
|
} else {
|
||||||
bool = true;
|
bool = true;
|
||||||
|
|
Loading…
Reference in a new issue