Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-09-22 01:50:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

More enhancements to Admin Reports and security fixes

Browse source 
* update Boards Report
* use Boards.userBoards() instead of Boards.find() to make sure user has access permission
This commit is contained in:
John Supplee 2021-12-21 02:39:16 +02:00
parent d9c290deda
commit 42610d9642
5 changed files with 107 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

57
models/users.js
View file

@ -519,6 +519,18 @@ Users.helpers({
}
return '';
},
teamIds() {
if (this.teams) {
return this.teams.map(team => { return team.teamId });
}
return [];
},
orgIds() {
if (this.orgs) {
return this.orgs.map(org => { return org.orgId });
}
return [];
},
orgsUserBelongs() {
if (this.orgs) {
return this.orgs.map(function(org){return org.orgDisplayName}).sort().join(',');
@ -544,32 +556,16 @@ Users.helpers({
return '';
},
boards() {
return Boards.find(
{
'members.userId': this._id,
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
);
return Boards.userBoards(this._id, null, {}, { sort: { sort: 1 } })
},
starredBoards() {
const { starredBoards = [] } = this.profile || {};
return Boards.find(
{
archived: false,
_id: {
$in: starredBoards,
},
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
return Boards.userBoards(
this._id,
false,
{ _id: { $in: starredBoards } },
{ sort: { sort: 1 } }
);
},
@ -580,18 +576,11 @@ Users.helpers({
invitedBoards() {
const { invitedBoards = [] } = this.profile || {};
return Boards.find(
{
archived: false,
_id: {
$in: invitedBoards,
},
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
return Boards.userBoards(
this._id,
false,
{ _id: { $in: invitedBoards } },
{ sort: { sort: 1 } }
);
},