fix(tasks): quick fix TODO 🐛

weareopensource · Jun 9, 2019 · 8cf75ab · 8cf75ab
1 parent 513267f
commit 8cf75ab
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 11 deletions.
diff --git a/lib/middlewares/policy.js b/lib/middlewares/policy.js
@@ -17,16 +17,10 @@ module.exports.Acl = new ACL(new ACL.memoryBackend()); // Using the memory backe
  */
 module.exports.isAllowed = (req, res, next) => {
   const roles = (req.user) ? req.user.roles : ['guest'];
+  this.Acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), (err, isAllowed) => {
+    if (err) return responses.error(res, 500, 'Server Error', 'Unexpected authorization error')(err);// An authorization error occurred
+    if (isAllowed) return next(); // Access granted! Invoke next middleware
 
-  // If an task is being processed and the current user created it then allow any manipulation
-  if (req.task && req.user && req.task.user && req.task.user.id === req.user.id) next();
-  else {
-    // Check for user roles
-    this.Acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), (err, isAllowed) => {
-      if (err) return responses.error(res, 500, 'Server Error', 'Unexpected authorization error')(err);// An authorization error occurred
-      if (isAllowed) return next(); // Access granted! Invoke next middleware
-
-      return responses.error(res, 403, 'Unauthorized', 'User is not authorized')();
-    });
-  }
+    return responses.error(res, 403, 'Unauthorized', 'User is not authorized')();
+  });
 };
diff --git a/modules/tasks/controllers/tasks.controller.js b/modules/tasks/controllers/tasks.controller.js
@@ -52,6 +52,7 @@ exports.get = (req, res) => {
  * @param {Object} res - Express response object
  */
 exports.update = async (req, res) => {
+  // TODO if (req.task && req.user && req.task.user && req.task.user.id === req.user.id) next();
   try {
     const task = await TasksService.update(req.task, req.body);
     responses.success(res, 'task updated')(task);