From f1db3d04510d4f0376598ebbaf8bd4b073071557 Mon Sep 17 00:00:00 2001
From: Brian Cao <brian@umami.is>
Date: Mon, 16 Jan 2023 13:15:46 -0800
Subject: [PATCH] Add permissions to edit website.

---
 pages/api/websites/[id]/index.js | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/pages/api/websites/[id]/index.js b/pages/api/websites/[id]/index.js
index a3771427..87f3f492 100644
--- a/pages/api/websites/[id]/index.js
+++ b/pages/api/websites/[id]/index.js
@@ -9,8 +9,9 @@ export default async (req, res) => {
   await useAuth(req, res);
 
   const { id: websiteUuid } = req.query;
+  const { userId } = req.auth;
 
-  if (!(await allowQuery(req, TYPE_WEBSITE))) {
+  if (!userId || !(await allowQuery(req, TYPE_WEBSITE))) {
     return unauthorized(res);
   }
 
@@ -58,10 +59,6 @@ export default async (req, res) => {
   }
 
   if (req.method === 'DELETE') {
-    if (!(await allowQuery(req, TYPE_WEBSITE))) {
-      return unauthorized(res);
-    }
-
     await deleteWebsite(websiteUuid);
 
     return ok(res);