f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2025-12-24 18:32:41 +00:00
Code Wiki Activity

current user owns 0-author brew only if edit mode

Browse Source 
Previous code was treating /share/ visits to google brews with no stub as visits by owner, thus using their own credentials to open the file instead of serviceaccount
This commit is contained in:
Trevor Buckner
2024-12-18 17:07:09 -05:00
parent e61144beb8
commit 6e8a0d7314
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/homebrew.api.js
View File

@@ -106,7 +106,7 @@ const api = {
stub = stub?.toObject();
googleId ??= stub?.googleId;
const isOwner = !stub || stub?.authors?.length === 0 || stub?.authors?.[0] === req.account?.username;
const isOwner = (accessType == 'edit' && (!stub || stub?.authors?.length === 0)) || stub?.authors?.[0] === req.account?.username;
const isAuthor = stub?.authors?.includes(req.account?.username);
const isInvited = stub?.invitedAuthors?.includes(req.account?.username);
@@ -124,7 +124,7 @@ const api = {
// If there is a google id, try to find the google brew
if(!stubOnly && googleId) {
const oAuth2Client = isOwner? GoogleActions.authCheck(req.account, res) : undefined;
const oAuth2Client = isOwner ? GoogleActions.authCheck(req.account, res) : undefined;
const googleBrew = await GoogleActions.getGoogleBrew(oAuth2Client, googleId, id, accessType)
.catch((googleError)=>{