Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #10906, allow middleware.checkAccountPermissions to be called with either uid or userslug in params

Browse Source 
Previously, the middleware only worked with userslug params
This commit is contained in:
Julian Lam
2022-09-19 10:08:18 -04:00
parent b5dd89e1c0
commit cf4f5447bb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/middleware/user.js
View File

@@ -165,7 +165,11 @@ module.exports = function (middleware) {
return controllers.helpers.notAllowed(req, res);
}
const uid = await user.getUidByUserslug(req.params.userslug);
if (!['uid', 'userslug'].some(param => req.params.hasOwnProperty(param))) {
return controllers.helpers.notAllowed(req, res);
}
const uid = req.params.uid || await user.getUidByUserslug(req.params.userslug);
let allowed = await privileges.users.canEdit(req.uid, uid);
if (allowed) {
return next();