From e2dff9afcaf45f604bf7fda4d45b125c6494443f Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Sat, 11 Mar 2023 19:08:12 -0500
Subject: [PATCH] fix: Viewers cannot delete their own comments
---
 server/policies/comment.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/server/policies/comment.ts b/server/policies/comment.ts
index 1261eee3f..e339cbc39 100644
--- a/server/policies/comment.ts
+++ b/server/policies/comment.ts
@@ -2,7 +2,7 @@ import { Comment, User, Team } from "@server/models";
 import { allow } from "./cancan";
 allow(User, "createComment", Team, (user, team) => {
- if (!team || user.isViewer || user.teamId !== team.id) {
+ if (!team || user.teamId !== team.id) {
 return false;
 }
 return true;
@@ -12,8 +12,5 @@ allow(User, ["read", "update", "delete"], Comment, (user, comment) => {
 if (!comment) {
 return false;
 }
- if (user.isViewer) {
- return false;
- }
 return user?.id === comment.createdById;
 });
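Review bot: Dropping `user.isViewer` from the `createComment` rule in the first hunk widens comment creation to every member of the team, which goes beyond the delete fix named in the subject line. With the rule reduced to a team-id match, whether a viewer may comment on a particular document has to be decided by a document-level check that is not visible in this patch, so it is worth confirming that the API handler also authorizes against the document. If the widening is intended, say so above the rule, e.g. `// Viewers may comment; per-document access is checked separately`, and add a policy test for a viewer on the same team and one on a different team.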
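Review bot: In the second hunk the removed `user.isViewer` line was the only unconditional dereference of `user`, so the rule now reaches `user?.id === comment.createdById` even when `user` is missing. If `createdById` can ever be undefined (for example a comment loaded without that attribute; this is an assumption, the model is not shown), the comparison becomes `undefined === undefined` and grants read, update and delete. Make the guard explicit with `if (!comment || !user) { return false; }` and compare `user.id` without the optional chain. The commit changes authorization but the diffstat lists only the policy file, so a test that a viewer can delete their own comment and cannot delete another user's would pin the intended behavior.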