|
|
@ -44,7 +44,9 @@ export default class TaskController extends SiteController { |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
async function checkTaskOwnership (req, res, next) { |
|
|
async function checkTaskOwnership (req, res, next) { |
|
|
|
|
|
if (Array.isArray(res.locals.task.project.managers) && (res.locals.task.project.managers.length > 0)) { |
|
|
res.locals.manager = res.locals.task.project.managers.find((manager) => manager._id.equals(req.user._id)); |
|
|
res.locals.manager = res.locals.task.project.managers.find((manager) => manager._id.equals(req.user._id)); |
|
|
|
|
|
} |
|
|
if (!res.locals.manager && !res.locals.task.user._id.equals(req.user._id)) { |
|
|
if (!res.locals.manager && !res.locals.task.user._id.equals(req.user._id)) { |
|
|
return next(new SiteError(401, 'This is not your task')); |
|
|
return next(new SiteError(401, 'This is not your task')); |
|
|
} |
|
|
} |
|
|
@ -52,7 +54,9 @@ export default class TaskController extends SiteController { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
async function checkSessionOwnership (req, res, next) { |
|
|
async function checkSessionOwnership (req, res, next) { |
|
|
|
|
|
if (Array.isArray(res.locals.task.project.managers) && (res.locals.task.project.managers.length > 0)) { |
|
|
res.locals.manager = res.locals.task.project.managers.find((manager) => manager._id.equals(req.user._id)); |
|
|
res.locals.manager = res.locals.task.project.managers.find((manager) => manager._id.equals(req.user._id)); |
|
|
|
|
|
} |
|
|
if (!res.locals.manager && !res.locals.session.user._id.equals(req.user._id)) { |
|
|
if (!res.locals.manager && !res.locals.session.user._id.equals(req.user._id)) { |
|
|
throw new SiteError(401, 'This is not your session'); |
|
|
throw new SiteError(401, 'This is not your session'); |
|
|
} |
|
|
} |
|
|
|
