From a9b3a394de438c739dde147b2b70475c416f0fa2 Mon Sep 17 00:00:00 2001 From: Tom Russell Date: Sun, 30 Sep 2018 22:30:00 +0100 Subject: [PATCH] Only logged-in edits (plus record user with edit) --- app/src/server.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/src/server.js b/app/src/server.js index d0e15c8b..6a748c66 100644 --- a/app/src/server.js +++ b/app/src/server.js @@ -188,9 +188,14 @@ server.route('/building/:building_id.json') }) }) .post(function (req, res) { + if (!req.session.user_id) { + res.send({error: 'Must be logged in'}); + return + } + const user_id = req.session.user_id; const { building_id } = req.params; const building = req.body; - saveBuilding(building_id, building).then(building => { + saveBuilding(building_id, building, user_id).then(building => { if (building.error) { res.send(building) return