diff options
author | Lauri Ojansivu <x@xet7.org> | 2019-08-20 19:25:37 +0300 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2019-08-20 19:25:37 +0300 |
commit | f96c1eda707aecbaccbe248aa97498a0899fab4d (patch) | |
tree | 37da48950d4788ad9d76fa139129103674fa971c /models/users.js | |
parent | e9bbbb6a040acf518e6d9a3374270c094b6a2287 (diff) | |
download | wekan-f96c1eda707aecbaccbe248aa97498a0899fab4d.tar.gz wekan-f96c1eda707aecbaccbe248aa97498a0899fab4d.tar.bz2 wekan-f96c1eda707aecbaccbe248aa97498a0899fab4d.zip |
v3.22v3.22
Diffstat (limited to 'models/users.js')
-rw-r--r-- | models/users.js | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/models/users.js b/models/users.js index dc286128..0d1f2271 100644 --- a/models/users.js +++ b/models/users.js @@ -259,21 +259,38 @@ Users.attachSchema( Users.before.update(function(userId, fieldNames) { const user = Users.findOne({ _id: userId }); - if (user && user.isAdmin || Meteor.user() && Meteor.user().isAdmin) { return true; } - if (!user) { return false; } - if (_.contains(fieldNames, 'services')) { return false; } - if (_.contains(fieldNames, 'heartBeat')) { return false; } - if (_.contains(fieldNames, 'isAdmin')) { return false; } - if (_.contains(fieldNames, 'loginDisabled')) { return false; } - if (_.contains(fieldNames, 'authenticationMethod')) { return false; } + if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin)) { + return true; + } + if (!user) { + return false; + } + if (_.contains(fieldNames, 'services')) { + return false; + } + if (_.contains(fieldNames, 'heartBeat')) { + return false; + } + if (_.contains(fieldNames, 'isAdmin')) { + return false; + } + if (_.contains(fieldNames, 'loginDisabled')) { + return false; + } + if (_.contains(fieldNames, 'authenticationMethod')) { + return false; + } }); Users.allow({ update(userId, doc) { - const user = Users.findOne({ _id: userId }); - if (user && user.isAdmin || Meteor.user() && Meteor.user().isAdmin) return true; - if (!user) { return false; } - return doc._id === userId; + const user = Users.findOne({ _id: userId }); + if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin)) + return true; + if (!user) { + return false; + } + return doc._id === userId; }, remove(userId, doc) { const adminsNumber = Users.find({ isAdmin: true }).count(); |