Skip to content

Commit e0cd863

Browse files
ar2rsawseenar2rsawseen
committed
One more fix
1 parent b8dc69f commit e0cd863

File tree

1 file changed

+14
-15
lines changed

1 file changed

+14
-15
lines changed

plugins/reports/api/api.js

Lines changed: 14 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -258,23 +258,22 @@ const FEATURE_NAME = 'reports';
258258

259259
convertToTimezone(props);
260260

261-
// TODO: handle report type check
262-
263-
if (!props.apps || !Array.isArray(props.apps) || props.apps.length === 0) {
264-
common.returnMessage(params, 400, 'Invalid or missing apps');
265-
return;
266-
}
267-
268-
let userApps = getUserApps(params.member);
269-
let notPermitted = false;
270-
for (var i = 0; i < props.apps.length; i++) {
271-
if (userApps.indexOf(props.apps[i]) === -1) {
272-
notPermitted = true;
261+
if (props.report_type === "core") {
262+
if (!props.apps || !Array.isArray(props.apps) || props.apps.length === 0) {
263+
common.returnMessage(params, 400, 'Invalid or missing apps');
264+
return;
273265
}
274-
}
275266

276-
if (notPermitted && !params.member.global_admin) {
277-
return common.returnMessage(params, 401, 'User does not have right to access this information');
267+
let userApps = getUserApps(params.member);
268+
let notPermitted = false;
269+
for (var i = 0; i < props.apps.length; i++) {
270+
if (userApps.indexOf(props.apps[i]) === -1) {
271+
notPermitted = true;
272+
}
273+
}
274+
if (notPermitted && !params.member.global_admin) {
275+
return common.returnMessage(params, 401, 'User does not have right to access this information');
276+
}
278277
}
279278

280279
common.db.collection('reports').insert(props, function(err0, result) {

0 commit comments

Comments
 (0)