From 72253f9cb5c61bbba9213006d6b80aa7d55af7b1 Mon Sep 17 00:00:00 2001 From: Nicolas Giard Date: Fri, 25 Jan 2019 17:19:52 -0500 Subject: [PATCH] fix: root admin access deny bug + patreon link --- .editorconfig | 1 + client/components/admin/admin-contribute.vue | 10 +++++----- client/components/editor.vue | 2 +- client/static/img/become_a_patron_button.png | Bin 0 -> 6579 bytes dev/docker/Dockerfile | 6 +++--- dev/docker/docker-compose.yml | 4 ++-- server/controllers/common.js | 3 +++ server/core/auth.js | 12 ++++-------- 8 files changed, 19 insertions(+), 19 deletions(-) create mode 100644 client/static/img/become_a_patron_button.png diff --git a/.editorconfig b/.editorconfig index 8f066db4..b9583094 100644 --- a/.editorconfig +++ b/.editorconfig @@ -5,6 +5,7 @@ indent_style = space indent_size = 2 charset = utf-8 trim_trailing_whitespace = true +end_of_line = lf insert_final_newline = true [*.{jade,pug,md}] diff --git a/client/components/admin/admin-contribute.vue b/client/components/admin/admin-contribute.vue index 94932508..3d74e79d 100644 --- a/client/components/admin/admin-contribute.vue +++ b/client/components/admin/admin-contribute.vue @@ -7,10 +7,6 @@ .admin-header-title .headline.primary--text {{ $t('admin:contribute.title') }} .subheading.grey--text {{ $t('admin:contribute.subtitle') }} - v-spacer - v-btn(depressed, color='primary', href='https://opencollective.com/wikijs', large) - v-icon(left) local_atm - span {{ $t('admin:contribute.makeADonation') }} v-card.mt-3 v-card-text i18next.body-1.pl-3(path='admin:contribute.openSource', tag='div') 
@@ -20,7 +16,11 @@ .body-1.pt-3.pl-3 {{ $t('admin:contribute.needYourHelp') }} v-divider.mt-3 v-subheader {{ $t('admin:contribute.fundOurWork') }} - .body-1.pl-3 {{ $t('admin:contribute.openCollective') }} + .body-1.pl-3 {{ $t('admin:contribute.patreon') }} + v-card-actions.ml-2 + a(href='https://www.patreon.com/bePatron?u=16744039', :title='$t(`admin:contribute.becomeAPatron`)') + img(src='/img/become_a_patron_button.png', :alt='$t(`admin:contribute.becomeAPatron`)' style='width:200px;') + .body-1.mt-3.pl-3 {{ $t('admin:contribute.openCollective') }} v-card-actions.ml-2 v-btn(outline, :color='darkMode ? `blue lighten-1` : `primary`', href='https://opencollective.com/wikijs') v-icon(left) local_atm diff --git a/client/components/editor.vue b/client/components/editor.vue index a380a20e..3e2fc3ed 100644 --- a/client/components/editor.vue +++ b/client/components/editor.vue @@ -26,7 +26,7 @@ @click.native.stop='exit' ) v-icon(color='red', :left='$vuetify.breakpoint.lgAndUp') close - span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('common:actions.discard') }} + span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('editor:close') }} v-content component(:is='currentEditor') editor-modal-properties(v-model='dialogProps') 
diff --git a/client/static/img/become_a_patron_button.png b/client/static/img/become_a_patron_button.png new file mode 100644 index 0000000000000000000000000000000000000000..5443ec96319d128bc1f2c8cf348f97c4565c5cc1 GIT binary patch literal 6579 zcmeI1XHZjLwD#dIC`D9yk*-Jw>AgztK?qeq2q2*;h!8*`AiWBNra_uW4TO%A0Mc6k zAv6h{P>l56Uer(T{dT|KnKkE}nKNrW&)R#Ry=Q(W%E&;If{clbfPjEPTT9KDfPk>_ z`q_!(=Jgd(Li6GJM&zubuR=h8OdvmhPE0_+2-a3pG4UhB!*7kvcEGx~w6^jl?es*r z_TvdZVgv4K7jitT;NWQGAfl6WzHy)Ac@=5EWLV;-s)rxDgoq~Jzq|3?fTw^_Z*A62 zRjSh@6v;c6?6d{n`Vo-#VSoB4dLIiNLVgw(V;Vfy_>5Q`g3E3ESh_Rvp5QM%;rY%?_K9ZzM`L;4~|JGJ=(2@J7p_0x5 z^<7HAW1fSSNTPqUb0;{9yfQ4fb+o8s)Zu9rRh(7GIhsukYY_0k(rpJ+u%nx3`390( zgW;YAYmPowKHZ5Z3_SRv<~gLjs(JhG%qeq_>{}<+geKMXD=u$A8H!#l-4`-|C>H70 z7336I8Tp~zY4jQ+UmRD3muqVLSrY`of%kZ7*&QTup~rQ-a~>0^F44++zSAGaHa3k; zCY-4U1Ikw_Uvm5_e?%%ScVqm5$!YcjvC;Z_wpi`RDfNJoGW924FS$oX`=>{wZ~kqj zM<%$PO!TV4p=ZWU$7(0~xz@Ve9JeKCq&79C{oe|b)yz&TR`;BF)-(4C9dEP)e3pD( z&Z6JeiQ3RQd27W}0&!^{&F@e(x$T1W4_*6VIQ_%=bH5FEQERHj(El<*jcv%)_5@$V zr9&7zbgy;KHqCX1Xlj^qneC`zIc90%)%(Uy~OF~J7%Z?jiQ@a4%t1c+_lRZIf`;} z%nho3E|f{}2EM!*Cg$NtNZ&QO3HO`X(!j3H#HHY4lO)o<*h1O_@<==z5iLd~-#P0q z{6`HHEUR?D$z=n9U|_-S=OJ!?Tp8F49sm?8U>jfg9Av=>)Spc{haYKoJiTXha_$|~ zw*s=P649?Vh3<2#HdfpTNIcRtPQ#|ok(lGTlq{u$D}xh= z-|@UnY#5zF{6a<%4Vo8W|z^u=lZI2ZW^urJnwS#ig% ztDR&B`E%Dqc2{i|gJti_I;J%(JKw{=_52fr0Vl%HhZj9>qXMHyc+Vo2daXS3)Qo9z zo5+RT5;Ys0BSc7c$n2e?-4&R=TV1v zXDlkaQPJwA`GlrCfuF@s8rJewM=sj6@HS%@1w6<@pJSCSKh-uWJpO_ea>l&&sB=hx zRp$1^wzEW-`LF*J0sVTpqe>V2CGQhlAVEJ!cqG~TZkJ*K?peu$O=fb`$BaM;MUr#( zH!ir@Od(y3olESk;bB8RlUCvFfyBKxAk2);wj}nG&eyAyrm{Dc_Dd1XewPZD!yFb4 zR`W(YDg}yle7)qz`zjiatR+d&RLknW@IK1jC7U}DYU`WbUxZ~n=YKmj&xNl)F!cNg zFY3^c2aj}$>W<33&1hm&@Aq#nXN5uB%ZO@@{eaI6h6ZvmQ`sw$&UDjZM4p>)Esb&u zl_ipKJ-#Q*M$Ls$rj?=5sVNk-c?aJh zNZ6vso=h0f+SdKtUcnWe&pDg!?U37)RaBmY=s#^dk^f4A_41K`b^%Vnz@43QOW%e_Q_(+fYf)fp>AdCX=R_YAQz{dy9+n(Q|tgdXG9dMo`rC<(_Pon`9ayQ3G z#=zMB8*la%coLVKdNRQy#^39$VV#LH9nYubn=*BYY!ZBvy^R=>$E_$`BBtqCkH$y) 
zGe&A-<$ubUddB&jIJha1U7e=sT;zrVr*q~4B0|=s)YLnI6oP`>?j-TJ#cqBx9~z-H zD534cU43fDWiburYU!ItkM)&Q)#Ze0msRWhGCp~cR1`BGa#h@QbbNADJKwOjzG-?^ zY+0qsOskuSMAVi9n*tRm2o2k3gaZ^)dzW^_42{;St9q9pHRg#U#SH3!hb{us3L^sS z2c_M!Yu|8}^r&`dHZ}E0NTX-Y{OHw!l*)Me6V#z-*xkY9mD^XU*kyhDiO5@Yo*O`o zc{S3@AX|OmkGLz4jmmom8jz44QGC#j%q|M@AL<@`R8s6qN?L~#C4;!}uSspP!=5cp z=dUyXyI$l47mBiR7txkHbjOxnHb%&OChoG`asUXN6sYG{+F9}BNo|R zO;GyzV)|~BiCamf%*NXceyL?(;8=f?o}J2<22XuZ^VDBe+ViDRU-x9;zU#@V8Z~z;^@3u$${xV-s@{7k?K$oY9tu!0-GA z+w{+x9(2}z8D2|h<lya-6V)>5kG8G62R`MS>kYd-GhPwq zwEGeAI(7$c$CEdZelj}{6Aa!C!z3$Z>gJ+#*lkWYy&%p3IR$v7QHW8opxsx7OK`U0 zRH9zhp&7DvKHej$IYb$yx*Om`^*YGyQabIbz>O4tt$T&EN@?slb8q|IqLQ^XEoK1|;;@Owhk3YB5?7gZvJXNdIY6Q+ph*y3| zU;$+fP++@0cII}(X8PD8>zm+(z2^%YRty$xvA50D?^l8iW2UFc?Da?l)oQgMB5qQ_EfC6>WEL9BI`VTRQlsAUx zLAPxT2_w1E1cneqB8T$|n2xHbM$Hr#g z>7PB|XgYe61hr5p1^3d9Ij{9)nQ+ax#V1Qi$7%nh=uA zRhPjOIq4`NaSJA5%LOhjj*5Kde;^&WL79am=YO;zislJyN6os3_A&`LLTE+WXAZFd z!QzEH;IWi-J!ttZtJ&~I!fJBX1?UR{B^c2+HuJ`rtYf1ZuA!t2rIeJR3|)s(&FeR|gX zc}XeH2&Z#5V1P$whOeK9Ic}DIkoBy!l!|P8m?dSL8bOu89YbWHTGkUHywx_)VBT)F z;kw$Xp-C{(pm;vX5a79o=dF(|J7=z0GM|=veeObGD`XkAU0YntZ-_6PAc0QgbC_Tx z+6Lsblw`pKqno(T{EXP32QE{Ila_g#?x-^@c`GkE4jOQLtfECaSbCUr*xtbE#|nVk zV_G%C9w9)UqC2Nl;+^WevhW`8-o#XblV_u5y$U^9sVL(CE^wPkk$=-j`j)6 zmj29-#21<EgGyrmr}VCJOF3(J{vJfz%lD|XX&j}87!o! 
z7(X^4UvNT7WJ`;b(e8hJ<*LYdzzc*;ssvWV$@IjyE@(d3GX_4d9QwMD2umAxi6hG3 ze$ZbPJfIX!4H9ueqKq9GgM&PP57aROKgg~!iKnA@5uXOU2;X1@(D5woDD2xu$(zvdJAp)}AQr&P6I* zmDNf!s@LbZHP*Z-fT~i$u8KT2?sSwA)Ro>YD378+KsVHGaXGa zf6=F9r6@FgPZju<8odMz+3%0osyYggTwO@W+dgrQ@{0<;zl*t37xWu)GOdKH`$Vr_ z9k>ni3r4YYe0XQSlvfQ|$x^z?qZKqfQ#g}RkSg#<4VzxL@SV}`U3s-Ylwl;^3NiRz zD&rysgb=0*ui&MPF^_6afDU{@AWx=D?iaHsT%8_4h4JjJ>s`FS_lp*4moGLO8mY>6 z7N1*%Otps+TOLzgEeXFmA(P@0($p$8#jslj>t8xHCRhefcz=02#;{peig!2eqc+^L z*JmIWJFRZA)oL0TSyjllIFWejyi^J9$4~v}9vrkz%`l^@mO2}G7`9Tzl0m_&e@|Ep zAm=E@K1d$Z**|75DUU3Da3hrK9u`Pg--bLXX@$P-`;&GKVA;?OcZ=vM&foeRZ0mUZQe9v zRMc8c{^=J;4O~Tg3jQgmtq?VFIpUasT8v^JzsL1uU_e!xL&UHv#57QLT4mt(9<$mp z_s`TCqXi_{2RaYN#{6x(ozL@^H%fHi>{()?dOLgD=bEMzlcyE})_6N%L*&xlYwI4$ z3<8=XNkYRrXPTD|0~1*D`93u_zaKCM-dxuSCeL4PJIgmSCf3#NEwHwnaz>qT%k>mw zW;PEw%a}>Vhr)%QHYk3A+`5tyMV4EPuW#VE5}J&j0P>tjxq#!xXDoac4k{XNeH7w5 z5Q#V!Iv3WqqR#FN8VfUr@-k9eht0C1IUhvdgi9s?6|5r2!C)}DuYddyvbN(dnkQ)h zxG^D6s2_DP9KYQbpal(vJISG2-1aR}2f<~KU-I%-FvOBXcw0?c#xtH=X|ql0PTYE3 zMTj1I_+2!J`bd9~ee_lfg)tXd5%v5XK4 zl#kfV+8)yvg$tlIhw}u4!diSdOVYU2rub29rqCBb@e$3j?|-d)pR+&HkvUY!^wgDW z#&s|D@pc;8oakVCLz)gpIPTK&V_F--3v0jlR=ATe{VtQa4 z5r~GlQvGA&B+%=uF%Ww$7IfEQKGH0y^q#eM(bT0vsu1;+o85yMo9nIeacYZKe#Tw# z)KoWpUaQHOm=yfEy%CkH>Zn1vPig0Er6-9s-a)0Nmo*!RM~2$<`J%wocydIw=)mF& zR~Gp42LM2r$O2XUguyAk&pd|RMdW)9v;38@GqoDY9)b|-3#I8?zN}041_=RcE0VNV z7TDk~2K?ffdIlZf{p3pNulOlGd&|P0-$OVfRP~Dag6o{9=eer< zw)_2S)$4PV!fYywvQ-7wyBgIFBwEX~yLZw3@T-|{{%NteP|4&ov$Q9u>hE^_>HJTd zK8AFYC(aIU;^q(ur8$GAR@HkeEA`tCDjBr0zTb18NP@a037)zvN&9F6m5}^&3R?$mkJ$ zw^kUnQZ_#oTn1eOAQh@Ag%<%bC8Cbv^cAGyu%)4wuFul69K>E-$OoLfd=o8+d68-s z+u_q3{}}P9_@)HFXOze!h3?F8?jDXf1n{<|I+?5>U5<$%CZPEp7((tyk z(mXmnsoM~Y*fn6ZhkhCaH+-`H<~3~_GN93Qc?4ns;J>sT5_ihbT}3-l**@BJw2Eh} z>l~+ndqk7m$x<5mMT}Ki{+RElR8sA3p3kJwvn@-549~qu0RYYF^w_>vETI`RXt8+k z7!lzlb~%q0=x{t*lOz)Pe#ESTF{rV>U!2azIDK-vF6%y-9 zaYqPM;fe;Lsvm?)IUw{fu--d3moCTVz)J@o=d;kn=B2YUW`>xdrKr>W`X~OU2;0Rh z;tXr-l!v?^hOG}hAbF@BVt!mEmf_p>EOk7ZT1&&$iLi#ma))Q+oj-qa=rP1PVmxZG 
z*QPe%NC)(0ZUs&nn-+Jc#8_-IjOgClO+xuA3P3o!D+#q|@Lw{$3?t~0gWws*$p2t# z { }) if (page) { if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) { + _.set(res.locals, 'pageMeta.title', 'Unauthorized') return res.render('unauthorized', { action: 'edit'}) } @@ -40,6 +41,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => { page.content = Buffer.from(page.content).toString('base64') } else { if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) { + _.set(res.locals, 'pageMeta.title', 'Unauthorized') return res.render('unauthorized', { action: 'create'}) } @@ -78,6 +80,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => { const pageArgs = pageHelper.parsePath(req.path) if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) { + _.set(res.locals, 'pageMeta.title', 'Unauthorized') return res.render('unauthorized', { action: 'history'}) } diff --git a/server/core/auth.js b/server/core/auth.js index d9056335..50ba8f98 100644 --- a/server/core/auth.js +++ b/server/core/auth.js @@ -114,6 +114,7 @@ module.exports = { try { const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) user = newToken.user + req.user = user // Try headers, otherwise cookies for response if (req.get('content-type') === 'application/json') { @@ -153,20 +154,18 @@ module.exports = { * @param {String|Boolean} path */ checkAccess(user, permissions = [], page = false) { + const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions() + // System Admin - if (_.includes(user.permissions, 'manage:system')) { + if (_.includes(userPermissions, 'manage:system')) { return true } - const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions() - // Check Global Permissions if (_.intersection(userPermissions, permissions).length < 1) { return false } - console.info('---------------------') - // Check Page Rules if (path && user.groups) { let checkState = { 
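Review bot: The added `_.set(res.locals, 'pageMeta.title', 'Unauthorized')` is repeated verbatim before every `res.render('unauthorized', …)` — here in the write:pages branch, again in the @@ -78 history hunk, and in the manage:pages branch of the `/e` handler above it — although the title belongs to the unauthorized view rather than to each caller. A single helper such as `const renderUnauthorized = (res, action) => { _.set(res.locals, 'pageMeta.title', 'Unauthorized'); return res.render('unauthorized', { action }) }` would keep the three deny paths identical and make a missing title impossible to reintroduce. As far as these hunks show, nothing sets a status before the render, so each denial is served with the default 200; `res.status(403)` in that helper would let clients, proxies and logs distinguish a denied request from a served page. The router handlers containing these lines start and end outside the hunks.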
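Review bot: The page-rule guard at the end of the hunk tests `path`, while the parameter in the signature a few lines above is named `page` (`checkAccess(user, permissions = [], page = false)`), so the `page` argument never reaches the page-rule check; unless a module-scope `path` binding exists this throws a ReferenceError at the first call that passes the global-permission check, and if `path` is the required module it is always truthy, so per-page rules run even when the caller passed `page = false`. The condition should read `if (page && user.groups) {`, and the JSDoc `@param {String|Boolean} path` just above should be renamed to match. Moving `userPermissions` ahead of the manage:system check is the right fix for the root-admin deny, since a user whose permissions come only from `getGlobalPermissions()` previously never matched `user.permissions`; a comment such as `// Resolve permissions first: DB-backed users expose them via getGlobalPermissions(), not user.permissions` would record why the order matters. checkAccess continues past this hunk (the checkState loop and the final return are in the @@ -204 hunk).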
@@ -204,9 +203,6 @@ module.exports = { }) }) - console.info('DAKSJDHKASJD') - console.info(checkState) - return (checkState.match && !checkState.deny) }