From 69c8d7835211e5fdc2959d148ce4ff5e44c208c8 Mon Sep 17 00:00:00 2001
From: Tyler Renelle <tylerrenelle@gmail.com>
Date: Sun, 3 Mar 2013 11:34:09 -0500
Subject: [PATCH] purchase tokens accessControl bug fix

---
 src/server/store.coffee | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/server/store.coffee b/src/server/store.coffee
index ac4ab491af..ad463ecbaa 100644
--- a/src/server/store.coffee
+++ b/src/server/store.coffee
@@ -53,9 +53,10 @@ userAccess = (store) ->
 
     oldBalance = @session.req?._racerModel?.get("users.#{id}.balance") || 0
     purchasingSomethingOnClient = newBalance < oldBalance
-    accept(purchasingSomethingOnClient or @session.req?._isServer)
+    accept(purchasingSomethingOnClient or derbyAuth.isServer(@))
 
   store.writeAccess "*", "users.*.flags.ads", -> # captures, value, accept, err ->
+    accept = arguments[arguments.length - 2]
     err = arguments[arguments.length - 1]
 #    return err(derbyAuth.SESSION_INVALIDATED_ERROR) if derbyAuth.bustedSession(@)
     return accept(false) if derbyAuth.bustedSession(@)