Commit d8d81e4

authored
Merge pull request #4015 from Countly/user-rights-accessibility-fix
Added undefined check to user parameters
2 parents 5eacb06 + 965b51e commit d8d81e4

1 file changed

+16
-4
lines changed

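--- a/api/utils/rights.js
+++ b/api/utils/rights.js
@@ -1012,19 +1012,31 @@ exports.hasAdminAccess = function(member, app_id) {
 };
 
 exports.hasCreateRight = function(feature, app_id, member) {
-return member.global_admin || member.permission.c[app_id].allowed[feature] || member.permission.c[app_id].all;
+var hasAppSpecificRight = (member.permission && member.permission.c && member.permission.c[app_id] && member.permission.c[app_id].allowed[feature]);
+var hasGlobalAdminRight = member.global_admin;
+var hasAppAdminRight = member.permission && member.permission.c && member.permission.c[app_id] && member.permission.c[app_id].all;
+return hasAppSpecificRight || hasGlobalAdminRight || hasAppAdminRight;
 };
 
 exports.hasReadRight = function(feature, app_id, member) {
-return member.global_admin || member.permission.r[app_id].allowed[feature] || member.permission.r[app_id].all;
+var hasAppSpecificRight = (member.permission && member.permission.r && member.permission.r[app_id] && member.permission.r[app_id].allowed[feature]);
+var hasGlobalAdminRight = member.global_admin;
+var hasAppAdminRight = member.permission && member.permission.r && member.permission.r[app_id] && member.permission.r[app_id].all;
+return hasAppSpecificRight || hasGlobalAdminRight || hasAppAdminRight;
 };
 
 exports.hasUpdateRight = function(feature, app_id, member) {
-return member.global_admin || member.permission.u[app_id].allowed[feature] || member.permission.u[app_id].all;
+var hasAppSpecificRight = (member.permission && member.permission.u && member.permission.u[app_id] && member.permission.u[app_id].allowed[feature]);
+var hasGlobalAdminRight = member.global_admin;
+var hasAppAdminRight = member.permission && member.permission.u && member.permission.u[app_id] && member.permission.u[app_id].all;
+return hasAppSpecificRight || hasGlobalAdminRight || hasAppAdminRight;
 };
 
 exports.hasDeleteRight = function(feature, app_id, member) {
-return member.global_admin || member.permission.d[app_id].allowed[feature] || member.permission.d[app_id].all;
+var hasAppSpecificRight = (member.permission && member.permission.d && member.permission.d[app_id] && member.permission.d[app_id].allowed[feature]);
+var hasGlobalAdminRight = member.global_admin;
+var hasAppAdminRight = member.permission && member.permission.d && member.permission.d[app_id] && member.permission.d[app_id].all;
+return hasAppSpecificRight || hasGlobalAdminRight || hasAppAdminRight;
 };
 
 exports.getUserApps = function(member) {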
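Review bot: `allowed` is still dereferenced without a guard in all four functions (`hasCreateRight`, `hasReadRight`, `hasUpdateRight`, `hasDeleteRight`), so a member whose `permission.<type>[app_id]` entry exists but has no `allowed` object still throws, as does a missing `member`. Since these are authorization checks, they should fail closed with a strict boolean rather than returning whatever value the `&&` chain ends on; callers that only test truthiness would be unaffected, though that cannot be confirmed from this hunk. Plain bracket access on `app_id` and `feature` also resolves inherited keys, so an own-property lookup is the safer form if either value can come from a request, which is not visible here. The four bodies differ only in the permission letter, so one private helper would keep them consistent; a sketch follows.

```javascript
// Shared fail-closed check; type is one of "c", "r", "u", "d".
function hasCrudRight(type, feature, app_id, member) {
    if (!member) {
        return false;
    }
    if (member.global_admin) {
        return true;
    }
    var byApp = member.permission && member.permission[type];
    if (!byApp || !Object.prototype.hasOwnProperty.call(byApp, app_id) || !byApp[app_id]) {
        return false;
    }
    var appRights = byApp[app_id];
    if (appRights.all) {
        return true;
    }
    var allowed = appRights.allowed;
    return !!(allowed && Object.prototype.hasOwnProperty.call(allowed, feature) && allowed[feature]);
}

exports.hasCreateRight = function(feature, app_id, member) {
    return hasCrudRight("c", feature, app_id, member);
};
// … hasReadRight, hasUpdateRight, hasDeleteRight: same call with "r", "u", "d" …
```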
