Skip to content

Commit

Permalink
Allow any user who has the createProduct permission to also delete pr…
Browse files Browse the repository at this point in the history
…oducts (#1263)

* - ignoring my custom entrypoint (for running prod image with src)

* - allow users with createProduct permission to delete products (for marketplace withmultiple sellers)

* - removing .gitignore files that is not welcome in repo
  • Loading branch information
ScyDev authored and jshimko committed Aug 16, 2016
1 parent a88cb50 commit cb9e65c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion server/methods/catalog.js
Original file line number Diff line number Diff line change
Expand Up @@ -700,7 +700,7 @@ Meteor.methods({
"products/deleteProduct": function (productId) {
check(productId, Match.OneOf(Array, String));
// must have admin permission to delete
if (!Reaction.hasAdminAccess()) {
if (!Reaction.hasPermission("createProduct") && !Reaction.hasAdminAccess()) {
throw new Meteor.Error(403, "Access Denied");
}

Expand Down

0 comments on commit cb9e65c

Please sign in to comment.