diff options
author | Cheng-Han, Wu | 2016-06-17 16:29:45 +0800 |
---|---|---|
committer | Cheng-Han, Wu | 2016-06-17 16:29:45 +0800 |
commit | 03e68f92ebe7051b209790eb27d30fce87c1bbc7 (patch) | |
tree | 4e8b9717ec09164c1738aeceb04ef101b8799e43 | |
parent | a1198339db98689326644c4405d075d03afcca5b (diff) |
Fix locked or private permission should block any operation if owner is null
-rw-r--r-- | lib/realtime.js | 4 | ||||
-rw-r--r-- | public/js/index.js | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/realtime.js b/lib/realtime.js index 0edf647c..b7a17d34 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) { break; case "locked": case "private": //only owner can change - if (note.owner != socket.request.user.id) + if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; break; } @@ -641,7 +641,7 @@ function connection(socket) { if (!noteId || !notes[noteId]) return; var note = notes[noteId]; //Only owner can change permission - if (note.owner == socket.request.user.id) { + if (note.owner && note.owner == socket.request.user.id) { note.permission = permission; models.Note.update({ permission: permission diff --git a/public/js/index.js b/public/js/index.js index 2da07b5d..67846845 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1907,7 +1907,7 @@ function updatePermission(newPermission) { title = "Only owner can view & edit"; break; } - if (personalInfo.userid && personalInfo.userid == owner) { + if (personalInfo.userid && owner && personalInfo.userid == owner) { label += ' <i class="fa fa-caret-down"></i>'; ui.infobar.permission.label.removeClass('disabled'); } else { @@ -1931,7 +1931,7 @@ function havePermission() { break; case "locked": case "private": - if (personalInfo.userid != owner) { + if (!owner || personalInfo.userid != owner) { bool = false; } else { bool = true; |