mirror/cherrypick
1
1
Fork 0
mirror of https://github.com/kokonect-link/cherrypick synced 2024-11-01 23:55:58 +09:00
Code

Make admin can delete any note

Browse Source
This commit is contained in:
syuilo 2018-09-19 17:29:03 +09:00
parent 7576569dc9
commit faf29b768f
No known key found for this signature in database
GPG Key ID: BDC4C49D06AB9D69
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/client/app/common/views/components/note-menu.vue
View File

@ -33,12 +33,16 @@ export default Vue.extend({
text: '%i18n:@pin%', text: '%i18n:@pin%',
action: this.pin action: this.pin
}); });
}
if (this.note.userId == this.$store.state.i.id || this.$store.state.i.isAdmin) {
items.push({ items.push({
icon: '%fa:trash-alt R%', icon: '%fa:trash-alt R%',
text: '%i18n:@delete%', text: '%i18n:@delete%',
action: this.del action: this.del
}); });
} }
if (this.note.uri) { if (this.note.uri) {
items.push({ items.push({
icon: '%fa:external-link-square-alt%', icon: '%fa:external-link-square-alt%',
@ -48,6 +52,7 @@ export default Vue.extend({
} }
}); });
} }
return items; return items;
} }
}, },

7
src/server/api/endpoints/notes/delete.ts
View File

@ -21,14 +21,17 @@ export default (params: any, user: ILocalUser) => new Promise(async (res, rej) =
// Fetch note // Fetch note
const note = await Note.findOne({ const note = await Note.findOne({
_id: noteId, _id: noteId
userId: user._id
}); });
if (note === null) { if (note === null) {
return rej('note not found'); return rej('note not found');
} }
if (!user.isAdmin && !note.userId.equals(user._id)) {
return rej('access denied');
}
await deleteNote(user, note); await deleteNote(user, note);
res(); res();