From 4bc6a9bb3c08e55332752bb567709e2864dfa0e1 Mon Sep 17 00:00:00 2001
From: Moe <github@m03.ca>
Date: Sun, 15 Jul 2018 19:52:44 -0700
Subject: [PATCH] add permission check and failed response for monitor delete

---
 camera.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/camera.js b/camera.js
index 507418af..34472394 100644
--- a/camera.js
+++ b/camera.js
@@ -6399,7 +6399,7 @@ app.all(['/:auth/configureMonitor/:ke/:id','/:auth/configureMonitor/:ke/:id/:f']
                     res.end(s.s(req.ret, null, 3))
             }
         }else{
-            if(!user.details.sub||user.details.allmonitors==='1'||user.details.monitor_edit.indexOf(req.params.id)>-1){
+            if(!user.details.sub || user.details.allmonitors==='1' || user.details.monitor_edit.indexOf(req.params.id)>-1 || hasRestrictions && user.details.monitor_create === '1'){
                 s.log(s.group[req.params.ke].mon_conf[req.params.id],{type:'Monitor Deleted',msg:'by user : '+user.uid});
                 req.params.delete=1;s.camera('stop',req.params);
                 s.tx({f:'monitor_delete',uid:user.uid,mid:req.params.id,ke:req.params.ke},'GRP_'+req.params.ke);
@@ -6407,6 +6407,9 @@ app.all(['/:auth/configureMonitor/:ke/:id','/:auth/configureMonitor/:ke/:id/:f']
                 req.ret.ok=true;
                 req.ret.msg='Monitor Deleted by user : '+user.uid
                 res.end(s.s(req.ret, null, 3))
+            }else{
+                req.ret.msg=user.lang['Not Permitted'];
+                res.end(s.s(req.ret, null, 3))
             }
         }
     })