From d8b468b0f42a0a762f4d59879f95480b3903e1c4 Mon Sep 17 00:00:00 2001
From: Konstantin Dyachenko
Date: Sun, 6 Aug 2023 00:25:43 +0000
Subject: [PATCH] better permissions
---
 index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/index.ts b/index.ts
index f5e1fe04..5d13f3ec 100644
--- a/index.ts
+++ b/index.ts
@@ -120,8 +120,8 @@ app.post('/file', async (req, res, next) => {
 console.log('/file post proxy','error: ', e);
 }
 if (!userId) res.status(403).send('Update CAN NOT be processes');
- const canResult = await deep.can(linkId, userId, await deep.id('@deep-foundation/core', 'AllowUpdateType')) || await deep.can(userId, userId, await deep.id('@deep-foundation/core', 'AllowAdmin'));
- console.log('/file post proxy','can', await deep.can(linkId, userId, await deep.id('@deep-foundation/core', 'AllowUpdateType')), 'isAdmin', await deep.can(userId, userId, await deep.id('@deep-foundation/core', 'AllowAdmin')));
+ const canResult = await deep.can(linkId, userId, await deep.id('@deep-foundation/core', 'AllowUpdateType')) || await deep.can(null, userId, await deep.id('@deep-foundation/core', 'AllowAdmin'));
+ console.log('/file post proxy','can', await deep.can(linkId, userId, await deep.id('@deep-foundation/core', 'AllowUpdateType')), 'isAdmin', await deep.can(null, userId, await deep.id('@deep-foundation/core', 'AllowAdmin')));
 console.log('/file post proxy','userId', userId, typeof(userId));
 console.log('/file post proxy','canResult', canResult);
 if (!canResult) return res.status(403).send(`You cant update link ##${linkId} as user ##${userId}, and user ##${userId} is not admin.`);
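Review bot: The `if (!userId)` guard just above the changed lines sends a 403 but does not return, so a request with no resolved user still reaches the `deep.can(...)` calls; it should read `if (!userId) return res.status(403).send('Update CAN NOT be processes');`. What `deep.can` returns for a missing subject is not visible here, so the handler currently relies on that call failing closed, and the final `send` in this hunk would then hit a response that was already sent. The new `null` first argument to the AllowAdmin check deserves a one-line comment stating what a null object means to `deep.can`, since the commit message does not say. Both checks are also awaited twice, once for `canResult` and once for the log line; storing them in `canUpdate` and `isAdmin` and logging those would make the log reflect the decision actually taken. The handler body starts and ends outside the hunk.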