fix upload permissions introduced in raik:ufs 0.3.4

amora-labs · Dec 21, 2015 · 1a3796f · 1a3796f
1 parent 2797531
commit 1a3796f
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/lib/fileUpload.coffee b/lib/fileUpload.coffee
@@ -74,13 +74,11 @@ if UploadFS?
  token = cookie.get('rc_token', rawCookies) if rawCookies?
 
  unless uid and token and RocketChat.models.Users.findOneByIdAndLoginToken(uid, token)
- res.statusCode = 403
- res.end('Not Allowed')
- # Just to abort the request
- # See https://github.com/jalik/jalik-ufs/issues/28
- throw new Meteor.Error 403, 'Not Allowed'
+ res.writeHead 403
+ return false
 
  res.setHeader 'content-disposition', "attachment; filename=\"#{ encodeURIComponent(file.name) }\""
+ return true
 
 Meteor.startup ->
  if Meteor.isServer