jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Remove bogus accesscontrol logic

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-06-15 16:26:14 -07:00
parent 491d1c1273
commit 89b41b11a4
1 changed files with 1 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/users.js
+1 -6
View File
@@ -49,12 +49,11 @@ function create(req, res, next) {
displayName: user.displayName,
email: user.email,
fallbackEmail: user.fallbackEmail,
admin: user.admin,
groupIds: [ ],
resetToken: user.resetToken
};
next(new HttpSuccess(201, userInfo ));
next(new HttpSuccess(201, userInfo));
});
}
@@ -68,8 +67,6 @@ function update(req, res, next) {
if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));
if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be a string'));
if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));
users.update(req.params.userId, req.body, auditSource(req), function (error) {
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
@@ -94,8 +91,6 @@ function get(req, res, next) {
assert.strictEqual(typeof req.params.userId, 'string');
assert.strictEqual(typeof req.user, 'object');
if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));
users.get(req.params.userId, function (error, result) {
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
if (error) return next(new HttpError(500, error));