From 9ec4b741c4405d35b9061d3296ed8989cb68bd37 Mon Sep 17 00:00:00 2001 From: Nick Winter Date: Mon, 15 Dec 2014 10:02:05 -0800 Subject: [PATCH] Fixed CLA permissions check. --- server/commons/Handler.coffee | 2 +- server/routes/db.coffee | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/commons/Handler.coffee b/server/commons/Handler.coffee index 640ff8096..0c1b68a2e 100644 --- a/server/commons/Handler.coffee +++ b/server/commons/Handler.coffee @@ -23,7 +23,7 @@ module.exports = class Handler allowedMethods: ['GET', 'POST', 'PUT', 'PATCH'] constructor: -> - # TODO The second 'or' is for backward compatibility only is for backward compatibility only + # TODO The second 'or' is for backward compatibility only @privateProperties = @modelClass?.privateProperties or @privateProperties or [] @editableProperties = @modelClass?.editableProperties or @editableProperties or [] @postEditableProperties = @modelClass?.postEditableProperties or @postEditableProperties or [] diff --git a/server/routes/db.coffee b/server/routes/db.coffee index 42b3b8573..3d490ad60 100644 --- a/server/routes/db.coffee +++ b/server/routes/db.coffee @@ -7,7 +7,7 @@ hipchat = require '../hipchat' module.exports.setup = (app) -> # This is hacky and should probably get moved somewhere else, I dunno app.get '/db/cla.submissions', (req, res) -> - return errors.unauthorized(res, 'You must be an admin to view that information') unless req.user?.isAdmin() or ('github' in req.user?.permissions ? []) + return errors.unauthorized(res, 'You must be an admin to view that information') unless req.user?.isAdmin() or ('github' in (req.user?.get('permissions') ? [])) res.setHeader('Content-Type', 'application/json') collection = mongoose.connection.db.collection 'cla.submissions', (err, collection) -> return log.error "Couldn't fetch CLA submissions because #{err}" if err