updated revoke session middleware to allow self or admin or global mod invocation, tweaked tests a bit

2025-12-22 00:10:25 +01:00 · 2016-12-02 10:50:42 -05:00
parent aad9a39f02
commit 33ff5e09bb
5 changed files with 14 additions and 9 deletions
--- a/src/controllers/accounts/session.js
+++ b/src/controllers/accounts/session.js
@@ -13,13 +13,9 @@ sessionController.revoke = function (req, res, next) {
 	}

 	var _id;
-	var uid;
+	var uid = res.locals.uid;
 	async.waterfall([
 		function (next) {
-			user.getUidByUserslug(req.params.userslug, next);
-		},
-		function (_uid, next) {
-			uid = _uid;
 			if (!uid) {
 				return next(new Error('[[error:no-session-found]]'));
 			}