mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-29 06:14:04 +00:00
Fix default permission
The code intends to check if the note is anonymous by checking if it has an owner. If it is anonymous, the default permission must be `freely`. However, at this point in the code, `owner` is never populated; only `ownerId` is. The property `owner` is automatically filled in *after* the Note is created, but this call happens before that. Thus, the default note permission is always `freely`, regardless of the `defaultPermission` setting. By checking `ownerId` instead of `owner`, the anonymity and hence default permission is correctly determined, This is especially an issue when `allowAnonymous` is `false`, since this would allow the user to create a note with `freely` permission when it should not be allowed. Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
This commit is contained in:
parent
1945a73c11
commit
87be26c57e
1 changed files with 1 additions and 1 deletions
|
@ -170,7 +170,7 @@ export class Note extends Model<Note> {
|
|||
}
|
||||
// if no permission specified and have owner then give default permission in config, else default permission is freely
|
||||
if (!note.permission) {
|
||||
if (note.owner) {
|
||||
if (note.ownerId) {
|
||||
// TODO: Might explode if the user-defined permission does not exist
|
||||
note.permission = PermissionEnum[config.defaultPermission]
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue