jschaufuss/DiceCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add permission check to JSONcharacter

Browse Source
This commit is contained in:
Andrew Zhu
2018-06-07 01:38:29 -07:00
parent 1a18d1f816
commit 216e502c8a
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/lib/functions/permissions.js
View File

@@ -9,10 +9,11 @@ canViewCharacter = function(charId, userId){
userId = userId || Meteor.userId();
var char = Characters.findOne(
charId,
{fields: {owner: 1, writers: 1, readers: 1}}
{fields: {owner: 1, writers: 1, readers: 1, "settings.viewPermission": 1}}
);
if (!char) return true;
return userId === char.owner ||
char.settings.viewPermission === "public" ||
_.contains(char.writers, userId) ||
_.contains(char.readers, userId);
};