summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCheng-Han, Wu2016-06-17 16:29:45 +0800
committerCheng-Han, Wu2016-06-17 16:29:45 +0800
commit03e68f92ebe7051b209790eb27d30fce87c1bbc7 (patch)
tree4e8b9717ec09164c1738aeceb04ef101b8799e43
parenta1198339db98689326644c4405d075d03afcca5b (diff)
Fix locked or private permission should block any operation if owner is null
Diffstat (limited to '')
-rw-r--r--lib/realtime.js4
-rw-r--r--public/js/index.js4
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/realtime.js b/lib/realtime.js
index 0edf647c..b7a17d34 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) {
break;
case "locked": case "private":
//only owner can change
- if (note.owner != socket.request.user.id)
+ if (!note.owner || note.owner != socket.request.user.id)
mayEdit = false;
break;
}
@@ -641,7 +641,7 @@ function connection(socket) {
if (!noteId || !notes[noteId]) return;
var note = notes[noteId];
//Only owner can change permission
- if (note.owner == socket.request.user.id) {
+ if (note.owner && note.owner == socket.request.user.id) {
note.permission = permission;
models.Note.update({
permission: permission
diff --git a/public/js/index.js b/public/js/index.js
index 2da07b5d..67846845 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -1907,7 +1907,7 @@ function updatePermission(newPermission) {
title = "Only owner can view & edit";
break;
}
- if (personalInfo.userid && personalInfo.userid == owner) {
+ if (personalInfo.userid && owner && personalInfo.userid == owner) {
label += ' <i class="fa fa-caret-down"></i>';
ui.infobar.permission.label.removeClass('disabled');
} else {
@@ -1931,7 +1931,7 @@ function havePermission() {
break;
case "locked":
case "private":
- if (personalInfo.userid != owner) {
+ if (!owner || personalInfo.userid != owner) {
bool = false;
} else {
bool = true;