Fix locked or private permission should block any operation if owner is null

Author: jackycute

lib/realtime.js

@@ -540,7 +540,7 @@ function ifMayEdit(socket, callback) {
             break;
         case "locked": case "private":
             //only owner can change
-            if (note.owner != socket.request.user.id)
+            if (!note.owner || note.owner != socket.request.user.id)
                 mayEdit = false;
             break;
     }
@@ -641,7 +641,7 @@ function connection(socket) {
             if (!noteId || !notes[noteId]) return;
             var note = notes[noteId];
             //Only owner can change permission
-            if (note.owner == socket.request.user.id) {
+            if (note.owner && note.owner == socket.request.user.id) {
                 note.permission = permission;
                 models.Note.update({
                     permission: permission

public/js/index.js

@@ -1907,7 +1907,7 @@ function updatePermission(newPermission) {
             title = "Only owner can view & edit";
             break;
     }
-    if (personalInfo.userid && personalInfo.userid == owner) {
+    if (personalInfo.userid && owner && personalInfo.userid == owner) {
         label += ' <i class="fa fa-caret-down"></i>';
         ui.infobar.permission.label.removeClass('disabled');
     } else {
@@ -1931,7 +1931,7 @@ function havePermission() {
             break;
         case "locked":
         case "private":
-            if (personalInfo.userid != owner) {
+            if (!owner || personalInfo.userid != owner) {
                 bool = false;
             } else {
                 bool = true;