github-mirrors/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-04-22 04:57:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add some permission code, to see does it fix something.

Browse source 
Thanks to xet7 !

Related #3377
This commit is contained in:
Lauri Ojansivu 2020-12-17 21:27:02 +02:00
parent 8481c791d7
commit 7f3c4acf62
8 changed files with 117 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

4
client/components/boards/boardArchive.js
View file

@ -3,6 +3,10 @@ BlazeComponent.extendComponent({
this.subscribe('archivedBoards');
},
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
archivedBoards() {
return Boards.find(
{ archived: true },

100
client/components/cards/attachments.js
View file

@ -1,49 +1,61 @@
Template.attachmentsGalery.events({
'click .js-add-attachment': Popup.open('cardAttachments'),
'click .js-confirm-delete': Popup.afterConfirm(
'attachmentDelete',
function() {
Attachments.remove(this._id);
Popup.close();
},
),
// If we let this event bubble, FlowRouter will handle it and empty the page
// content, see #101.
'click .js-download'(event) {
event.stopPropagation();
Template.attachmentsGalery.events({});
BlazeComponent.extendComponent({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
'click .js-add-cover'() {
Cards.findOne(this.cardId).setCover(this._id);
events() {
return [
{
'click .js-add-attachment': Popup.open('cardAttachments'),
'click .js-confirm-delete': Popup.afterConfirm(
'attachmentDelete',
function() {
Attachments.remove(this._id);
Popup.close();
},
),
// If we let this event bubble, FlowRouter will handle it and empty the page
// content, see #101.
'click .js-download'(event) {
event.stopPropagation();
},
'click .js-add-cover'() {
Cards.findOne(this.cardId).setCover(this._id);
},
'click .js-remove-cover'() {
Cards.findOne(this.cardId).unsetCover();
},
'click .js-preview-image'(event) {
Popup.open('previewAttachedImage').call(this, event);
// when multiple thumbnails, if click one then another very fast,
// we might get a wrong width from previous img.
// when popup reused, onRendered() won't be called, so we cannot get there.
// here make sure to get correct size when this img fully loaded.
const img = $('img.preview-large-image')[0];
if (!img) return;
const rePosPopup = () => {
const w = img.width;
const h = img.height;
// if the image is too large, we resize & center the popup.
if (w > 300) {
$('div.pop-over').css({
width: w + 20,
position: 'absolute',
left: (window.innerWidth - w) / 2,
top: (window.innerHeight - h) / 2,
});
}
};
const url = $(event.currentTarget).attr('src');
if (img.src === url && img.complete) rePosPopup();
else img.onload = rePosPopup;
},
},
];
},
'click .js-remove-cover'() {
Cards.findOne(this.cardId).unsetCover();
},
'click .js-preview-image'(event) {
Popup.open('previewAttachedImage').call(this, event);
// when multiple thumbnails, if click one then another very fast,
// we might get a wrong width from previous img.
// when popup reused, onRendered() won't be called, so we cannot get there.
// here make sure to get correct size when this img fully loaded.
const img = $('img.preview-large-image')[0];
if (!img) return;
const rePosPopup = () => {
const w = img.width;
const h = img.height;
// if the image is too large, we resize & center the popup.
if (w > 300) {
$('div.pop-over').css({
width: w + 20,
position: 'absolute',
left: (window.innerWidth - w) / 2,
top: (window.innerHeight - h) / 2,
});
}
};
const url = $(event.currentTarget).attr('src');
if (img.src === url && img.complete) rePosPopup();
else img.onload = rePosPopup;
},
});
}).register('attachmentsGalery');
Template.previewAttachedImagePopup.events({
'click .js-large-image-clicked'() {

10
client/components/cards/checklists.jade
View file

@ -37,8 +37,7 @@ template(name="checklistDetail")
.checklist-title
span
if canModifyCard
if currentUser.isBoardAdmin
a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}...
a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}...
if canModifyCard
h2.title.js-open-inlined-form.is-editable
@ -60,10 +59,9 @@ template(name="checklistDeleteDialog")
| {{_ 'confirm-checklist-delete-dialog'}}
span {{checklist.title}}
| ?
if currentUser.isBoardAdmin
.js-checklist-delete-buttons
button.confirm-checklist-delete(type="button") {{_ 'delete'}}
button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}}
.js-checklist-delete-buttons
button.confirm-checklist-delete(type="button") {{_ 'delete'}}
button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}}
template(name="addChecklistItemForm")
textarea.js-add-checklist-item(rows='1' autofocus)

14
client/components/lists/listHeader.js
View file

@ -104,6 +104,10 @@ BlazeComponent.extendComponent({
}).register('listHeader');
Template.listHeader.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
showDesktopDragHandles() {
currentUser = Meteor.user();
if (currentUser) {
@ -117,6 +121,10 @@ Template.listHeader.helpers({
});
Template.listActionPopup.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
isWipLimitEnabled() {
return Template.currentData().getWipLimit('enabled');
},
@ -254,6 +262,12 @@ Template.listMorePopup.events({
}),
});
Template.listHeader.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
});
BlazeComponent.extendComponent({
onCreated() {
this.currentList = this.currentData();

15
client/components/sidebar/sidebar.js
View file

@ -155,6 +155,9 @@ Template.memberPopup.helpers({
user() {
return Users.findOne(this.userId);
},
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
memberType() {
const type = Users.findOne(this.userId).isBoardAdmin() ? 'admin' : 'normal';
if (type === 'normal') {
@ -224,6 +227,9 @@ Template.boardMenuPopup.onCreated(function() {
});
Template.boardMenuPopup.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
withApi() {
return Template.instance().apiEnabled.get();
},
@ -294,6 +300,9 @@ Template.membersWidget.helpers({
return false;
}
},
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
});
Template.membersWidget.events({
@ -475,6 +484,12 @@ Template.labelsWidget.events({
'click .js-add-label': Popup.open('createLabel'),
});
Template.labelsWidget.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
});
// Board members can assign people or labels by drag-dropping elements from the
// sidebar to the cards on the board. In order to re-initialize the jquery-ui
// plugin any time a draggable member or label is modified or removed we use a

3
client/components/sidebar/sidebarArchives.js
View file

@ -141,6 +141,9 @@ BlazeComponent.extendComponent({
}).register('archivesSidebar');
Template.archivesSidebar.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
isWorker() {
const currentBoard = Boards.findOne(Session.get('currentBoard'));
return (

9
client/components/sidebar/sidebarFilters.js
View file

@ -134,6 +134,15 @@ BlazeComponent.extendComponent({
},
}).register('multiselectionSidebar');
Template.multiselectionSidebar.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
isCommentOnly() {
return Meteor.user().isCommentOnly();
},
});
Template.disambiguateMultiLabelPopup.events({
'click .js-remove-label'() {
mutateSelectedCards('removeLabel', this._id);

12
client/components/swimlanes/swimlaneHeader.js
View file

@ -41,6 +41,12 @@ Template.swimlaneHeader.helpers({
},
});
Template.swimlaneFixedHeader.helpers({
isBoardAdmin() {
return Meteor.user().isBoardAdmin();
},
});
Template.swimlaneActionPopup.events({
'click .js-set-swimlane-color': Popup.open('setSwimlaneColor'),
'click .js-close-swimlane'(event) {
@ -50,6 +56,12 @@ Template.swimlaneActionPopup.events({
},
});
Template.swimlaneActionPopup.helpers({
isCommentOnly() {
return Meteor.user().isCommentOnly();
},
});
BlazeComponent.extendComponent({
onCreated() {
this.currentSwimlane = this.currentData();