summaryrefslogtreecommitdiffstats
path: root/models/users.js
diff options
context:
space:
mode:
Diffstat (limited to 'models/users.js')
-rw-r--r--models/users.js16
1 files changed, 11 insertions, 5 deletions
diff --git a/models/users.js b/models/users.js
index 46e56ad6..55d85e07 100644
--- a/models/users.js
+++ b/models/users.js
@@ -258,9 +258,14 @@ Users.attachSchema(
);
Users.allow({
- update(userId) {
- const user = Users.findOne(userId);
- return user && Meteor.user().isAdmin;
+ update(userId, doc) {
+ const user = Users.findOne({ _id: userId });
+ if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin))
+ return true;
+ if (!user) {
+ return false;
+ }
+ return doc._id === userId;
},
remove(userId, doc) {
const adminsNumber = Users.find({ isAdmin: true }).count();
@@ -610,8 +615,9 @@ if (Meteor.isServer) {
board &&
board.members &&
_.contains(_.pluck(board.members, 'userId'), inviter._id) &&
- _.where(board.members, { userId: inviter._id })[0].isActive &&
- _.where(board.members, { userId: inviter._id })[0].isAdmin;
+ _.where(board.members, { userId: inviter._id })[0].isActive;
+ // GitHub issue 2060
+ //_.where(board.members, { userId: inviter._id })[0].isAdmin;
if (!allowInvite) throw new Meteor.Error('error-board-notAMember');
this.unblock();
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-09 10:11:12 +0000