From f61d97a4f61d6001d2855e664a2d7eea3286b538 Mon Sep 17 00:00:00 2001
From: Henry Oswald
Date: Mon, 19 Oct 2015 22:29:36 +0100
Subject: [PATCH] added null check on user when checking permissions
---
 services/web/app/coffee/managers/SecurityManager.coffee | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/services/web/app/coffee/managers/SecurityManager.coffee b/services/web/app/coffee/managers/SecurityManager.coffee
index 790748567b..699c307679 100644
--- a/services/web/app/coffee/managers/SecurityManager.coffee
+++ b/services/web/app/coffee/managers/SecurityManager.coffee
@@ -89,7 +89,9 @@ module.exports = SecurityManager =
 requestIsOwner : (req, res, next)->
 getRequestUserAndProject req, res, {}, (err, user, project)->
- if userIsOwner user, project || user.isAdmin
+ if !user?
+ return res.redirect('/restricted')
+ else if userIsOwner user, project || user.isAdmin
 next()
 else
 logger.log user_id: user?._id, email: user?.email, "user is not owner of project redirecting to restricted page"
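Review bot: The added `else if userIsOwner user, project || user.isAdmin` keeps the implicit-call form, which CoffeeScript parses as `userIsOwner(user, project || user.isAdmin)`, so the admin flag is folded into the second argument instead of being an alternative to ownership. As written, an admin who is not the owner is probably still sent to the restricted page, and a missing project would hand `user.isAdmin` to `userIsOwner` as the project (its body is not shown, so the effect is inferred). Parenthesising the call states the intended check: `else if userIsOwner(user, project) || user.isAdmin`. The callback's `err` is also never examined, so a lookup failure is indistinguishable from an anonymous request; a log line in the new `!user?` branch would keep that visible. The `else` branch continues past the end of the hunk.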