github-mirrors/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-04-24 14:08:31 -04:00
Code Issues Projects Releases Packages Wiki Activity

Extracted board access check function

Browse source
This commit is contained in:
mayjs 2017-05-15 21:02:31 +02:00
parent 95e2025ff9
commit 1e8d9f02f3
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
models/boards.js
View file

@ -588,11 +588,8 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
Authentication.checkLoggedIn( req.userId);
const id = req.params.id;
const board = Boards.findOne({ _id: id });
const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
Authentication.checkAdminOrCondition(req.userId, normalAccess);
Authentication.checkBoardAccess( req.userId, id);
JsonRoutes.sendResult(res, {
code: 200,

9
server/authentication.js
View file

@ -39,5 +39,14 @@ Meteor.startup(() => {
}
}
// Helper function. Will throw an error if the user does not have read only access to the given board
Authentication.checkBoardAccess = function(userId, boardId) {
Authentication.checkLoggedIn(userId);
const board = Boards.findOne({ _id: boardId });
const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId);
Authentication.checkAdminOrCondition(userId, normalAccess);
}
});