From 3f75f3d59b411666f81259ba13bf18cd1ab5ef02 Mon Sep 17 00:00:00 2001
From: Jack <jfoltzt@gmail.com>
Date: Fri, 13 Oct 2017 16:16:48 -0400
Subject: [PATCH] Add a check for upload permission

---
 app/routes/upload.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/app/routes/upload.js b/app/routes/upload.js
index 95cad37..8c6bcfe 100644
--- a/app/routes/upload.js
+++ b/app/routes/upload.js
@@ -24,11 +24,10 @@ function genFileName() {
 }
 
 router.post('/', dest.single('file'), function(req, res) {
-    //if (!req.payload._id) {
-        //console.log("Got unauthorized POST attempt");
-        //res.status(401);
-        //return;
-    //}
+    if (req.payload.scope.indexOf('file.upload') === -1) {
+        res.status(401).json({'message': 'Permission error.'});
+        return;
+    }
 
     var entry = {
         name: genFileName(),