added null check on user when checking permissions

2026-06-04 06:39:02 +02:00 · 2015-10-19 22:29:36 +01:00
parent 2b8dd7248a
commit f61d97a4f6
1 changed files with 3 additions and 1 deletions
@@ -89,7 +89,9 @@ module.exports = SecurityManager =

 	requestIsOwner : (req, res, next)->
 		getRequestUserAndProject req, res, {}, (err, user, project)->
-			if userIsOwner user, project || user.isAdmin
+			if !user?
+				return res.redirect('/restricted')
+			else if userIsOwner user, project || user.isAdmin
 				next()
 			else
 				logger.log user_id: user?._id, email: user?.email, "user is not owner of project redirecting to restricted page"