From 837708fc0c9f900a116ff9284441819fc041e964 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys <ahumphreys3@gmail.com>
Date: Wed, 16 Nov 2022 22:39:06 -0600
Subject: [PATCH] prevent changes to brews from non-authors

---
 server/homebrew.api.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index ec8e438fa..563926f01 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -43,6 +43,9 @@ const getBrew = (accessType, fetchGoogle = true)=>{
 				}
 			});
 		stub = stub?.toObject();
+		if(stub?.authors && !stub?.authors.includes(req.account.username)) {
+			throw 'Current logged in user does not have access to this brew.';
+		}
 
 		// If there is a google id, try to find the google brew
 		if(fetchGoogle && (googleId || stub?.googleId)) {