From e25a56e85cee834fa8b02c38200c995770590c91 Mon Sep 17 00:00:00 2001
From: mntmn <lukas@mntmn.com>
Date: Thu, 9 Apr 2020 17:56:37 +0200
Subject: [PATCH] filter attributes on space PUT

---
 routes/api/spaces.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/routes/api/spaces.js b/routes/api/spaces.js
index c21179a..ea41d3c 100644
--- a/routes/api/spaces.js
+++ b/routes/api/spaces.js
@@ -260,8 +260,17 @@ router.put('/:id', function(req, res) {
   newAttr.edit_slug = slug(newAttr['name']);
 
   delete newAttr['_id'];
-  delete newAttr['editor_name'];
   delete newAttr['creator'];
+  delete newAttr['creator_id'];
+  delete newAttr['space_type'];
+
+  if (req['spaceRole'] != "admin") {
+    delete newAttr['access_mode']
+    delete newAttr['password']
+    delete newAttr['edit_hash']
+    delete newAttr['edit_slug']
+    delete newAttr['editors_locking']
+  }
 
   db.Space.update(newAttr, {where: {
     "_id": space._id