		@@ -145,2 +145,12 @@ 'use strict';
		/**
		* Tests if user is the owner of a content entity.
		*
		* @method isUserOwner
		* @return {Boolean} true if the user is the owner, false otherwise
		*/
		ContentModel.prototype.isUserOwner = function(entity) {
		return this.user && entity.metadata && entity.metadata.user === this.user.id;
		};

		/**
		* Validates that the user is authorized to manipulate a content entity.
		@@ -162,5 +172,5 @@ *
		if (this.isUserAdmin() \|\|
		this.isUserOwner(entity) \|\|
		!this.user \|\|
		(entity.metadata && entity.metadata.user === applicationStorage.getAnonymousUserId()) \|\|
		(entity.metadata && entity.metadata.user === this.user.id)
		(entity.metadata && entity.metadata.user === applicationStorage.getAnonymousUserId())
		) {
		@@ -280,5 +290,9 @@ return true;
		if (!error) {
		if (self.isUserAuthorized(entity, ContentModel.UPDATE_OPERATION))
		if (self.isUserAuthorized(entity, ContentModel.UPDATE_OPERATION)) {

		// user is authorized to update but he must be owner to update owner
		if ((!self.isUserOwner(entity) && !self.isUserAdmin()) && data.metadata && data.metadata.user)
		delete data.metadata.user;
		self.provider.update(id, data, callback);
		else
		} else
		callback(new AccessError('User "' + self.user.id + '" doesn\'t can`t update entity "' + id + '"'));
		@@ -285,0 +299,0 @@ } else

package.json

		{
		"name": "@openveo/api",
		"version": "3.0.0",
		"version": "3.0.1",
		"description": "API for OpenVeo plugins",
		@@ -5,0 +5,0 @@ "keywords": [

README.md

		@@ -19,3 +19,3 @@ # OpenVeo API

		Documentation is available on [Github pages](http://veo-labs.github.io/openveo-api/3.0.0).
		Documentation is available on [Github pages](http://veo-labs.github.io/openveo-api/3.0.1).

		@@ -22,0 +22,0 @@ # Contributors

@openveo/api - npm Package Compare versions

New alerts