diff options
Diffstat (limited to 'models/users.js')
-rw-r--r-- | models/users.js | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/models/users.js b/models/users.js index dc286128..0d1f2271 100644 --- a/models/users.js +++ b/models/users.js @@ -259,21 +259,38 @@ Users.attachSchema( Users.before.update(function(userId, fieldNames) { const user = Users.findOne({ _id: userId }); - if (user && user.isAdmin || Meteor.user() && Meteor.user().isAdmin) { return true; } - if (!user) { return false; } - if (_.contains(fieldNames, 'services')) { return false; } - if (_.contains(fieldNames, 'heartBeat')) { return false; } - if (_.contains(fieldNames, 'isAdmin')) { return false; } - if (_.contains(fieldNames, 'loginDisabled')) { return false; } - if (_.contains(fieldNames, 'authenticationMethod')) { return false; } + if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin)) { + return true; + } + if (!user) { + return false; + } + if (_.contains(fieldNames, 'services')) { + return false; + } + if (_.contains(fieldNames, 'heartBeat')) { + return false; + } + if (_.contains(fieldNames, 'isAdmin')) { + return false; + } + if (_.contains(fieldNames, 'loginDisabled')) { + return false; + } + if (_.contains(fieldNames, 'authenticationMethod')) { + return false; + } }); Users.allow({ update(userId, doc) { - const user = Users.findOne({ _id: userId }); - if (user && user.isAdmin || Meteor.user() && Meteor.user().isAdmin) return true; - if (!user) { return false; } - return doc._id === userId; + const user = Users.findOne({ _id: userId }); + if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin)) + return true; + if (!user) { + return false; + } + return doc._id === userId; }, remove(userId, doc) { const adminsNumber = Users.find({ isAdmin: true }).count(); |