baudehlo/auth.js

## auth.js
    api.model.employees.get(req.params.id, function(err, employee) {
        if (err) {
            console.error("Error fetching employee from database");
            return res.send(500);
        }
        if (!employee) {
            console.error("No such employee");
            return res.send(404);
        }
        if (employee.company_id != req.session.user.company.id) {
            console.error("Attempt to fetch another user's company");
            return res.send(403);
        }
        ...
	api.model.employees.get(req.params.id, function(err, employee) {
	if (err) {
	console.error("Error fetching employee from database");
	return res.send(500);
	}
	if (!employee) {
	console.error("No such employee");
	return res.send(404);
	}
	if (employee.company_id != req.session.user.company.id) {
	console.error("Attempt to fetch another user's company");
	return res.send(403);
	}
	...