From 1562c6f33154aed419e9247d853aef4322a0b6ee Mon Sep 17 00:00:00 2001
From: Marti Martz <Martii@users.noreply.github.com>
Date: Tue, 16 May 2017 20:33:50 -0600
Subject: [PATCH] Use static nums for role elevation check (#1137)

* I never have liked this test and mathematical calc... it's just asking for a security breach if there is an error somewhere else
* Set to static numbers... we have static numbers all over the place so continue to use these

Applies to #1109 and #1107

Auto-merge
---
 controllers/scriptStorage.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controllers/scriptStorage.js b/controllers/scriptStorage.js
index bcfd46823..bebb85ffd 100644
--- a/controllers/scriptStorage.js
+++ b/controllers/scriptStorage.js
@@ -1337,7 +1337,7 @@ exports.storeScript = function (aUser, aMeta, aBuf, aCallback, aUpdate) {
           }
 
           // Check for role change and modify accordingly
-          if (aUser.role === userRoles.length - 1) {
+          if (aUser.role === 5) {
             if (!aUser.save) {
               // Probably using req.session.user which may have gotten serialized.
               userDoc = aUser;
@@ -1352,7 +1352,7 @@ exports.storeScript = function (aUser, aMeta, aBuf, aCallback, aUpdate) {
                   return;
                 }
 
-                --aUser.role;
+                aUser.role = 4;
                 aUser.save(function (aErr, aUser) {
                   if (aErr) {
                     console.warn('MongoDB User save warning error\n' +
@@ -1365,7 +1365,7 @@ exports.storeScript = function (aUser, aMeta, aBuf, aCallback, aUpdate) {
                 });
               });
             } else {
-              --aUser.role;
+              aUser.role = 4;
               aUser.save(function (aErr, aUser) {
                 if (aErr) {
                   console.warn('MongoDB User save warning error\n' +