From 1ca84eb82b6d8651332f1c237eb2f27e02a78183 Mon Sep 17 00:00:00 2001
From: Eric Martindale <eric@ericmartindale.com>
Date: Mon, 4 May 2015 18:28:37 -0400
Subject: [PATCH] Fix issue with profiles for non-editors.

---
 controllers/people.js | 8 ++++++--
 soundtrack.js         | 3 +--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/controllers/people.js b/controllers/people.js
index 794868f6..589efc90 100644
--- a/controllers/people.js
+++ b/controllers/people.js
@@ -209,8 +209,12 @@ module.exports = {
     });
   },
   edit: function(req, res, next) {
-    Person.findOne({ slug: req.param('usernameSlug') }).exec(function(err, person) {
-      if (!person) { return next(); }
+    if (!req.user) return next();
+    Person.findOne({
+      _id: req.user._id,
+      slug: req.param('usernameSlug')
+    }).exec(function(err, person) {
+      if (!person) return next();
 
       person.bio    = (req.param('bio'))   ? req.param('bio')   : person.bio;
       person.email  = (req.param('email')) ? req.param('email') : person.email;
diff --git a/soundtrack.js b/soundtrack.js
index b625b5fe..2b7d102d 100644
--- a/soundtrack.js
+++ b/soundtrack.js
@@ -623,7 +623,7 @@ app.get('/listening', requireLogin , function(req, res) {
 //But first we record the token's authData, user and time.
 //We use the recorded time to make sure we issued the token recently
 app.post('/socket-auth', requireLogin, auth.configureToken);
-
+app.post('/:usernameSlug', people.edit);
 app.post('/chat', requireLogin, function(req, res) {
   var room = app.rooms[ req.room ];
   if (!room) return next();
@@ -863,7 +863,6 @@ app.get('/:usernameSlug/:playlistSlug', playlists.view);
 app.get('/:usernameSlug/plays', people.listPlays);
 app.get('/:usernameSlug/mentions', people.mentions);
 app.get('/:usernameSlug', redirectToMainSite , people.profile);
-app.post('/:usernameSlug', people.edit);
 
 // catch-all route (404)
 app.get('*', function(req, res) {