From 2e3908c0093bba41f94d1d2dd81ab5d6c14cd1b6 Mon Sep 17 00:00:00 2001
From: roschaefer <git@roschaefer.de>
Date: Thu, 21 Nov 2019 19:13:46 +0100
Subject: [PATCH] refactor: close session in isAuthor permission

---
 .../src/middleware/permissionsMiddleware.js   | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index b0d07c8ec..9ba33d3ff 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -68,21 +68,21 @@ const isAuthor = rule({
   if (!user) return false
   const session = driver.session()
   const { id: resourceId } = args
-  const result = await session.run(
-    `
-  MATCH (resource {id: $resourceId})<-[:WROTE]-(author)
-  RETURN author
-  `,
-    {
-      resourceId,
-    },
-  )
-  session.close()
-  const [author] = result.records.map(record => {
-    return record.get('author')
-  })
-  const authorId = author && author.properties && author.properties.id
-  return authorId === user.id
+  try {
+    const result = await session.run(
+      `
+      MATCH (resource {id: $resourceId})<-[:WROTE]-(author {id: $userId})
+      RETURN author
+    `,
+      { resourceId, userId: user.id },
+    )
+    const [author] = result.records.map(record => {
+      return record.get('author')
+    })
+    return !!author
+  } finally {
+    session.close()
+  }
 })
 
 const isDeletingOwnAccount = rule({