diff --git a/lib/realtime.js b/lib/realtime.js index 0edf647..b7a17d3 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) { break; case "locked": case "private": //only owner can change - if (note.owner != socket.request.user.id) + if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; break; } @@ -641,7 +641,7 @@ function connection(socket) { if (!noteId || !notes[noteId]) return; var note = notes[noteId]; //Only owner can change permission - if (note.owner == socket.request.user.id) { + if (note.owner && note.owner == socket.request.user.id) { note.permission = permission; models.Note.update({ permission: permission diff --git a/public/js/index.js b/public/js/index.js index 2da07b5..6784684 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1907,7 +1907,7 @@ function updatePermission(newPermission) { title = "Only owner can view & edit"; break; } - if (personalInfo.userid && personalInfo.userid == owner) { + if (personalInfo.userid && owner && personalInfo.userid == owner) { label += ' '; ui.infobar.permission.label.removeClass('disabled'); } else { @@ -1931,7 +1931,7 @@ function havePermission() { break; case "locked": case "private": - if (personalInfo.userid != owner) { + if (!owner || personalInfo.userid != owner) { bool = false; } else { bool = true;