From a8424c6ee630916de8b2c785f1279c27a297c380 Mon Sep 17 00:00:00 2001
From: rlacko <rlacko@sch.bme.hu>
Date: Wed, 29 Jul 2020 16:22:08 +0200
Subject: [PATCH] disallow to update attendance or comment on activity

---
 src/resources/activity/activityControllers.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/resources/activity/activityControllers.js b/src/resources/activity/activityControllers.js
index 787b30d..f134126 100644
--- a/src/resources/activity/activityControllers.js
+++ b/src/resources/activity/activityControllers.js
@@ -185,7 +185,7 @@ exports.default.updateOne = async (req, res) => {
   try {
     const activity = await Activity.findOneAndUpdate(
       { _id: req.params.id },
-      req.body,
+      omit(req.body, ['attendance', 'comment']),
       { new: true }
     )
       .populate({
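Review bot: The `omit(req.body, ['attendance', 'comment'])` filter is a denylist, so every other key in the request body still reaches `findOneAndUpdate`; that includes fields added to the Activity schema later and, presumably, update-operator objects whose nested paths name `attendance` or `comment`. An allowlist of the fields a client may edit would fail closed, e.g. `pick(req.body, EDITABLE_ACTIVITY_FIELDS)`, where `EDITABLE_ACTIVITY_FIELDS` is a placeholder for the list the project defines. The imports are outside the hunk, so `pick` may need importing the same way `omit` is. Passing `runValidators: true` next to `new: true` would also help, since Mongoose does not run schema validators on update queries by default. `updateOne` starts and ends outside this hunk, so any check on who may update the activity is not visible here.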
-- 
GitLab