From c08d8d6937ecd5cfb62dca02a87f1c0d48b0dbbd Mon Sep 17 00:00:00 2001
From: John Lyon-Smith
Date: Mon, 26 Mar 2018 13:26:46 -0700
Subject: [PATCH] Fixed permissions when adding teams
---
 server/src/api/routes/TeamRoutes.js | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)
diff --git a/server/src/api/routes/TeamRoutes.js b/server/src/api/routes/TeamRoutes.js
index 2051403..38fd999 100644
--- a/server/src/api/routes/TeamRoutes.js
+++ b/server/src/api/routes/TeamRoutes.js
@@ -60,10 +60,7 @@ export class TeamRoutes {
 }
 createTeam(req, res, next) {
- const role = req.user.role
-
- // If user's role is not Executive or Administrator, return an error
- if (role !== 'executive' && role !== 'administrator') {
+ if (!req.user.administrator) {
 return next(new createError.Forbidden())
 }
@@ -80,11 +77,8 @@ export class TeamRoutes {
 }
 updateTeam(req, res, next) {
- const role = req.user.role
-
- // If user's role is not Executive or Administrator, return an error
- if (role !== 'executive' && role !== 'administrator') {
- return new createError.Forbidden()
+ if (!req.user.administrator) {
+ return next(new createError.Forbidden())
 }
 // Do this here because Mongoose will add it automatically otherwise
@@ -130,11 +124,8 @@ export class TeamRoutes {
 }
 deleteTeam(req, res, next) {
- const role = req.user.role
-
- // If user's role is not Executive or Administrator, return an error
- if (role !== 'executive' && role !== 'administrator') {
- return new createError.Forbidden()
+ if (!req.user.administrator) {
+ return next(new createError.Forbidden())
 }
 const Team = this.db.Team
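Review bot: The new guard in createTeam, `if (!req.user.administrator) {`, accepts any truthy value and throws a TypeError when `req.user` is unset, so it does not fail closed by itself; the same line is added in the updateTeam and deleteTeam hunks. How `req.user` is populated is not visible here, but if the flag can ever be something other than a boolean, a strict test such as `if (!req.user || req.user.administrator !== true) {` would reject it with a 403. Since the check is now identical in three handlers, it could live in one helper or route-level middleware so that a future handler cannot omit it. createTeam's body continues past the end of the hunk.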
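Review bot: The comment removed from updateTeam was the only statement of who may modify a team, and the new guard has none even though it no longer accepts the `executive` role that the old condition allowed. The subject line mentions only adding teams, yet this hunk and the deleteTeam hunk narrow update and delete in the same way. A short comment above the guard, for example `// Only administrators may update teams; the 'executive' role no longer qualifies`, would record that the narrowing is intended. updateTeam's body continues outside the hunk.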