From 1b716956e9bddbe6610ef2e8ea353b9e15cb9c95 Mon Sep 17 00:00:00 2001
From: Ricardo Hernandez-Montoya <rhernandez@gridhound.de>
Date: Wed, 3 May 2017 10:33:09 +0200
Subject: [PATCH] removed missing user.adminLevel property

---
 routes/users.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/routes/users.js b/routes/users.js
index 3359d22..41f96f9 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -72,23 +72,22 @@ router.put('/users/:id', auth.validateRole('user', 'update'), function(req, res)
     }
 
     // if user is not an admin, only allow some changes on own data
-
     // update all properties
-    if (req.decoded._doc.adminLevel >= 1) {
+    if (req.decoded._doc.role === 'admin') {
       for (property in req.body.user) {
         user[property] = req.body.user[property];
       }
     } else if (req.decoded._doc._id === req.params.id) {
       // only copy the allowed properties since the user is not an admin
       for (property in req.body.user) {
-        if (property === '_id' || property === 'adminLevel') {
+        if (property === '_id') {
           continue;
         }
 
         user[property] = req.body.user[property];
       }
     } else {
-      return res.send({ success: false, message: 'Invalid authorization' });
+      return res.status(403).send({ success: false, message: 'Invalid authorization' });
     }
 
     // save the changes
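Review bot: The self-update branch (`req.decoded._doc._id === req.params.id`) now skips only `_id`, so a non-admin caller can include `role` in `req.body.user` and have it copied onto their own record. Assuming `role` is stored on the same user document that ends up in the token, that is exactly the field the new `role === 'admin'` check trusts. At minimum the skip condition should be `if (property === '_id' || property === 'role') {`; an explicit allowlist of user-editable fields would be more robust, since a denylist leaves any future privileged field writable by default. Both loops also use an undeclared `property` (an implicit global) and `for...in` without an own-property check, which `for (const property of Object.keys(req.body.user)) {` would avoid. The route handler starts and ends outside the hunk, so any validation done before this point or in the save path is not visible here.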
-- 
GitLab