From c6cd40a679f98f0a37fbbb27da8cd7c12602d729 Mon Sep 17 00:00:00 2001
From: Martina <martinalong10@gmail.com>
Date: Wed, 13 Oct 2021 13:39:49 -0700
Subject: [PATCH] added forgotten check for remove file from slate

---
 pages/api/slates/remove-file.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pages/api/slates/remove-file.js b/pages/api/slates/remove-file.js
index 11a7c71c..2daa54a3 100644
--- a/pages/api/slates/remove-file.js
+++ b/pages/api/slates/remove-file.js
@@ -36,6 +36,12 @@ export default async (req, res) => {
     });
   }
 
+  if (slate.ownerId !== id) {
+    return res
+      .status(403)
+      .send({ decorator: "SERVER_REMOVE_FROM_SLATE_SLATE_NOT_FOUND", error: true });
+  }
+
   let response = await Data.deleteSlateFiles({ slateId: slate.id, ids: fileIds });
 
   if (!response || response.error) {