diff options
Diffstat (limited to 'models/users.js')
-rw-r--r-- | models/users.js | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/models/users.js b/models/users.js index 46e56ad6..55d85e07 100644 --- a/models/users.js +++ b/models/users.js @@ -258,9 +258,14 @@ Users.attachSchema( ); Users.allow({ - update(userId) { - const user = Users.findOne(userId); - return user && Meteor.user().isAdmin; + update(userId, doc) { + const user = Users.findOne({ _id: userId }); + if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin)) + return true; + if (!user) { + return false; + } + return doc._id === userId; }, remove(userId, doc) { const adminsNumber = Users.find({ isAdmin: true }).count(); @@ -610,8 +615,9 @@ if (Meteor.isServer) { board && board.members && _.contains(_.pluck(board.members, 'userId'), inviter._id) && - _.where(board.members, { userId: inviter._id })[0].isActive && - _.where(board.members, { userId: inviter._id })[0].isAdmin; + _.where(board.members, { userId: inviter._id })[0].isActive; + // GitHub issue 2060 + //_.where(board.members, { userId: inviter._id })[0].isAdmin; if (!allowInvite) throw new Meteor.Error('error-board-notAMember'); this.unblock(); |