From 66b974680534c612bcb9606873744933f60d41a5 Mon Sep 17 00:00:00 2001
From: LorenzoJokhan <lorenzoluk@gmail.com>
Date: Fri, 2 Jun 2023 14:07:41 +0200
Subject: [PATCH] Added auth.useReqUser to route delete on article

---
 src/routes/api/article.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/routes/api/article.js b/src/routes/api/article.js
index d692e2bf..151311d5 100755
--- a/src/routes/api/article.js
+++ b/src/routes/api/article.js
@@ -257,9 +257,12 @@ router.route('/:articleId(\\d+)')
 
 // delete article
 // ---------
-	.delete(auth.can('Article', 'delete'))
+	.delete(auth.useReqUser)
 	.delete(function(req, res, next) {
-		req.results
+		const article = req.results;
+		if (!(article && article.can && article.can('delete'))) return next(new Error('You cannot delete this article'));
+
+		article
 			.destroy()
 			.then(() => {
 				res.json({ "article": "deleted" });