t1meshift
/
expressCart
mirror of https://github.com/t1meshift/expressCart.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Removed incorrect check editing own owner account

master
Mark Moffat 2019-11-08 15:22:31 +10:30
parent 382729c642
commit f43005de8b
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
routes/user.js
View File

@ -41,14 +41,6 @@ router.get('/admin/user/edit/:id', restrict, (req, res) => {
return; return;
} }
// Cannot edit the original user/owner
if(user._id !== req.session.userId && user.isOwner){
req.session.message = 'Access denied.';
req.session.messageType = 'danger';
res.redirect('/admin/users');
return;
}
// if the user we want to edit is not the current logged in user and the current user is not // if the user we want to edit is not the current logged in user and the current user is not
// an admin we render an access denied message // an admin we render an access denied message
if(user.userEmail !== req.session.user && req.session.isAdmin === false){ if(user.userEmail !== req.session.user && req.session.isAdmin === false){