From 39fdd168fae3d07e0210fb6be8a5e5ead4ee08ff Mon Sep 17 00:00:00 2001
From: Riley Davis
Date: Thu, 15 Dec 2016 13:18:28 -0700
Subject: [PATCH] admins can still view all comment streams
---
 routes/api/comments/index.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/routes/api/comments/index.js b/routes/api/comments/index.js
index a14b6bba0..90b8b40f2 100644
--- a/routes/api/comments/index.js
+++ b/routes/api/comments/index.js
@@ -24,8 +24,8 @@ router.get('/', (req, res, next) => {
 return;
 }
- // only return comment lists for the owner of the comments
- if (req.user.id !== user_id) {
+ // if the user is not an admin, only return comment list for the owner of the comments
+ if (req.user.id !== user_id && !authorization.has(req.user, 'admin')) {
 next(authorization.ErrNotAuthorized);
 return;
 }
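Review bot: The new `if` line widens an authorization decision to three outcomes (owner, admin, everyone else), but the patch touches only routes/api/comments/index.js, so nothing in it pins the deny path for a signed-in non-admin requesting another user's comments. I would add route tests for all three cases, asserting that the non-owner, non-admin request still reaches `next(authorization.ErrNotAuthorized)`. The condition is also easier to audit with the two facts named: `const isOwner = req.user.id === user_id;` and `const isAdmin = authorization.has(req.user, 'admin');`, then `if (!isOwner && !isAdmin) {`. The handler starts above the hunk, so where `user_id` comes from and whether `req.user` is always set by this point are not visible here and should be confirmed.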