Fixed permissions when adding teams

2018-03-26 13:26:46 -07:00
parent fb5b6823db
commit c08d8d6937
1 changed files with 5 additions and 14 deletions
--- a/server/src/api/routes/TeamRoutes.js
+++ b/server/src/api/routes/TeamRoutes.js
@@ -60,10 +60,7 @@ export class TeamRoutes {
  }

  createTeam(req, res, next) {
-    const role = req.user.role
-
-    // If user's role is not Executive or Administrator, return an error
-    if (role !== 'executive' && role !== 'administrator') {
+    if (!req.user.administrator) {
      return next(new createError.Forbidden())
    }

@@ -80,11 +77,8 @@ export class TeamRoutes {
  }

  updateTeam(req, res, next) {
-    const role = req.user.role
-
-    // If user's role is not Executive or Administrator, return an error
-    if (role !== 'executive' && role !== 'administrator') {
-      return new createError.Forbidden()
+    if (!req.user.administrator) {
+      return next(new createError.Forbidden())
    }

    // Do this here because Mongoose will add it automatically otherwise
@@ -130,11 +124,8 @@ export class TeamRoutes {
  }

  deleteTeam(req, res, next) {
-    const role = req.user.role
-
-    // If user's role is not Executive or Administrator, return an error
-    if (role !== 'executive' && role !== 'administrator') {
-      return new createError.Forbidden()
+    if (!req.user.administrator) {
+      return next(new createError.Forbidden())
    }

    const Team = this.db.Team