ownerIsHelloRunnable check in findBuild middlware flow

Author: cflynn07

lib/middlewares/me.js

@@ -52,22 +52,6 @@ module.exports = createMongooseMiddleware(User, 'sessionUser', {
       }
     };
   },
-  isHelloRunnable: function (modelKey) {
-    return function (req, res, next) {
-      var model = keypather.get(req, modelKey);
-      var modelGithubId = model.owner.github;
-      var userGithubId = req.sessionUser.accounts.github.id;
-      if (modelGithubId === process.env.HELLO_RUNNABLE_GITHUB_ID) {
-        next();
-      }
-      else if (userGithubId === process.env.HELLO_RUNNABLE_GITHUB_ID) {
-        next();
-      }
-      else {
-        next(Boom.forbidden('Access denied (!owner)', { githubId: modelGithubId }));
-      }
-    };
-  },
   isRegistered: function (req, res, next) {
     this.permission('registered')(req, res, next);
   },

lib/routes/instances/index.js

@@ -48,6 +48,7 @@ var findBuild = flow.series(
   checkFound('build'),
   flow.or(
     me.isOwnerOf('build'),
+    ownerIsHelloRunnable('build'),
     me.isModerator),
   mw.req('build.started').require()
     .else(mw.next(Boom.badRequest('Instances cannot use builds that haven\'t been started'))));
@@ -601,7 +602,10 @@ app.post('/instances/:id/actions/copy',
     me.isModerator),
   mw.body('owner.github').require().then(
     mw.body('owner.github').number(),
-    me.isOwnerOf('body')),
+    flow.or(
+      me.isOwnerOf('body'),
+      ownerIsHelloRunnable('body')
+    )),
   // The best way to clone an instance is to just use the post route
   // If we deep copy the build, we can attach its id to the body, and just use the post route
   findBuild,