diff --git a/modules/ServerAPI/src/server/routes/ProtocolServiceRoutes.coffee b/modules/ServerAPI/src/server/routes/ProtocolServiceRoutes.coffee index f23523352..fd0ee05e5 100644 --- a/modules/ServerAPI/src/server/routes/ProtocolServiceRoutes.coffee +++ b/modules/ServerAPI/src/server/routes/ProtocolServiceRoutes.coffee @@ -67,23 +67,23 @@ exports.protocolByCodename = (req, resp) -> if req.user? && config.all.server.project.roles.enable serverUtilityFunctions.getRestrictedEntityFromACASServerInternal baseurl, req.user.username, "metadata", "protocol metadata", (statusCode, json) => #if prot is deleted, need to check if user has privs to view deleted protocols - if json.codeName? and json.ignored and !json.deleted - if config.all.client.entity?.viewDeletedRoles? - viewDeletedRoles = config.all.client.entity.viewDeletedRoles.split(",") + if json.codeName? and json.ignored and !json.deleted + if config.all.client.entity?.viewDeletedRoles? + viewDeletedRoles = config.all.client.entity.viewDeletedRoles.split(",") + else + viewDeletedRoles = [] + grantedRoles = _.map req.user.roles, (role) -> + role.roleEntry.roleName + canViewDeleted = (config.all.client.entity?.viewDeletedRoles? && config.all.client.entity.viewDeletedRoles in grantedRoles) + if canViewDeleted + resp.statusCode = statusCode + resp.end JSON.stringify json + else + resp.statusCode = 500 + resp.end JSON.stringify "Protocol does not exist" else - viewDeletedRoles = [] - grantedRoles = _.map req.user.roles, (role) -> - role.roleEntry.roleName - canViewDeleted = (config.all.client.entity?.viewDeletedRoles? && config.all.client.entity.viewDeletedRoles in grantedRoles) - if canViewDeleted resp.statusCode = statusCode resp.end JSON.stringify json - else - resp.statusCode = 500 - resp.end JSON.stringify "Protocol does not exist" - else - resp.statusCode = statusCode - resp.end JSON.stringify json else serverUtilityFunctions.getFromACASServer baseurl, resp