From 837708fc0c9f900a116ff9284441819fc041e964 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Wed, 16 Nov 2022 22:39:06 -0600
Subject: [PATCH 1/3] prevent changes to brews from non-authors
---
 server/homebrew.api.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index ec8e438fa..563926f01 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -43,6 +43,9 @@ const getBrew = (accessType, fetchGoogle = true)=>{
 }
 });
 stub = stub?.toObject();
+ if(stub?.authors && !stub?.authors.includes(req.account.username)) {
+ throw 'Current logged in user does not have access to this brew.';
+ }
 
 // If there is a google id, try to find the google brew
 if(fetchGoogle && (googleId || stub?.googleId)) {
From 4c629772cc7d09e4f0950f67029529e55638b48b Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Mon, 5 Dec 2022 22:11:24 -0600
Subject: [PATCH 2/3] add a check for the accessType when editing a document
---
 server/homebrew.api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index 563926f01..e5d304b69 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -43,7 +43,7 @@ const getBrew = (accessType, fetchGoogle = true)=>{
 }
 });
 stub = stub?.toObject();
- if(stub?.authors && !stub?.authors.includes(req.account.username)) {
+ if(accessType === 'edit' && stub?.authors && !stub?.authors.includes(req.account.username)) {
 throw 'Current logged in user does not have access to this brew.';
 }
 
From 6b8db74a2b51a17cbbac378ca99c0429f05f7aa3 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Mon, 5 Dec 2022 22:31:56 -0600
Subject: [PATCH 3/3] add authors length check and account elvis operator
---
 server/homebrew.api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index e5d304b69..393c9793d 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
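Review bot: The new authorization branch throws a bare string (`throw 'Current logged in user does not have access to this brew.';`), so whatever catches it receives no `Error` object — no stack, no `.message`, and nothing it can key on to return a 401/403 instead of a generic failure; the same line is carried unchanged through PATCH 2/3 and PATCH 3/3. Throw a real error, `throw new Error('Current logged in user does not have access to this brew.');`, and map it to a 403 where getBrew's errors are handled, which is outside this hunk, so confirm the catching code matches on the error rather than on a string. getBrew appears to be a middleware factory whose body starts and ends outside the hunk, so if the returned handler is async this throw surfaces as a rejected promise and needs an `async` wrapper or explicit `next(err)` to reach Express error handling — verify against the surrounding code.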
@@ -43,7 +43,7 @@ const getBrew = (accessType, fetchGoogle = true)=>{
 }
 });
 stub = stub?.toObject();
- if(accessType === 'edit' && stub?.authors && !stub?.authors.includes(req.account.username)) {
+ if(accessType === 'edit' && stub?.authors?.length > 0 && !stub?.authors.includes(req.account?.username)) {
 throw 'Current logged in user does not have access to this brew.';
 }
 
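Review bot: The final predicate fails open for brews whose `authors` array is empty: `stub?.authors?.length > 0` makes the ownership check skip entirely, so such a brew is editable by any request, including an unauthenticated one where `req.account?.username` is `undefined`. If that is the intended behaviour for legacy or author-less brews it deserves a comment on the `if`, e.g. `// Brews with no recorded authors are editable by anyone; ownership is only enforced once an author is set.`; otherwise use `stub?.authors && !stub.authors.includes(req.account?.username)` so an empty list denies rather than permits. The check is also evaluated only against the database stub, ahead of the Google lookup that follows it; if a brew can be resolved solely from Google with no stub, that path is not covered — getBrew continues outside the hunk, so confirm there. Minor: once `stub?.authors?.length > 0` has passed, the `?.` in `!stub?.authors.includes(...)` is redundant and reads as if `stub` might still be nullish.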