github-mirrors/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-04-24 22:17:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

Fix in API user role is not considered.

Browse source 
Thanks to mohammadZahedian and xet7 !

Fixes #5422
This commit is contained in:
Lauri Ojansivu 2024-12-08 02:56:37 +02:00
parent 0c753e85a8
commit c062bd63bb
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
server/authentication.js
View file

@ -52,14 +52,11 @@ Meteor.startup(() => {
} }
}; };
// Helper function. Will throw an error if the user does not have read only access to the given board // Helper function. Will throw an error if the user is not active BoardAdmin or active Normal user of the board.
Authentication.checkBoardAccess = function(userId, boardId) { Authentication.checkBoardAccess = function(userId, boardId) {
Authentication.checkLoggedIn(userId); Authentication.checkLoggedIn(userId);
const board = ReactiveCache.getBoard(boardId); const board = ReactiveCache.getBoard(boardId);
const normalAccess = const normalAccess = board.members.some(e => e.userId === userId && e.isActive && !e.isNoComments && !e.isCommentOnly && !e.isWorker);
board.permission === 'public' ||
board.members.some(e => e.userId === userId && e.isActive);
Authentication.checkAdminOrCondition(userId, normalAccess); Authentication.checkAdminOrCondition(userId, normalAccess);
}; };