From 4a205fcfcb40438faead3bf8973b10b8e42974f0 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Tue, 15 Dec 2020 11:52:57 +0200 Subject: [PATCH] Prevent normal user deleting or modifying too much. Allow normal user to export board. Thanks to Samunosuke, pgh2357 and xet7 ! Related #3377 --- client/components/boards/boardArchive.jade | 7 +- client/components/boards/boardBody.js | 7 +- client/components/cards/attachments.jade | 7 +- client/components/cards/cardDetails.jade | 24 ++++--- client/components/cards/checklists.jade | 13 ++-- client/components/cards/subtasks.jade | 14 ++-- client/components/lists/listHeader.jade | 10 +-- client/components/sidebar/sidebar.jade | 67 ++++++++++--------- .../components/sidebar/sidebarArchives.jade | 30 +++++---- client/components/sidebar/sidebarFilters.jade | 2 +- .../components/swimlanes/swimlaneHeader.jade | 5 +- client/components/swimlanes/swimlanes.jade | 31 ++++----- client/components/swimlanes/swimlanes.js | 8 ++- 13 files changed, 129 insertions(+), 96 deletions(-) diff --git a/client/components/boards/boardArchive.jade b/client/components/boards/boardArchive.jade index 5d291f009..ef4ed4f37 100644 --- a/client/components/boards/boardArchive.jade +++ b/client/components/boards/boardArchive.jade @@ -7,9 +7,10 @@ template(name="archivedBoards") each archivedBoards li.archived-lists-item div.board-header-btns - button.board-header-btn.js-delete-board - i.fa.fa-trash-o - | {{_ 'delete-board'}} + if currentUser.isBoardAdmin + button.board-header-btn.js-delete-board + i.fa.fa-trash-o + | {{_ 'delete-board'}} button.board-header-btn.js-restore-board i.fa.fa-undo | {{_ 'restore-board'}} diff --git a/client/components/boards/boardBody.js b/client/components/boards/boardBody.js index 073601d52..b08de3384 100644 --- a/client/components/boards/boardBody.js +++ b/client/components/boards/boardBody.js 
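Review bot: The `if currentUser.isBoardAdmin` guard added around `button.board-header-btn.js-delete-board` only hides the control in the browser; it does not by itself stop a non-admin from deleting a board. Every file in this patch's diffstat is under `client/components`, so whether a matching server-side rule (collection allow/deny or a method check) rejects the operation for non-admins is not visible here and should be confirmed. The same applies to the other delete links gated in attachments.jade, cardDetails.jade, checklists.jade, subtasks.jade and sidebarArchives.jade. If the server already enforces this, a template comment such as `//- UI hint only; board deletion is enforced server-side` would record that.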
@@ -211,7 +211,12 @@ BlazeComponent.extendComponent({ } // Disable drag-dropping if the current user is not a board member - $swimlanesDom.sortable('option', 'disabled', !userIsMember()); + //$swimlanesDom.sortable('option', 'disabled', !userIsMember()); + $swimlanesDom.sortable( + 'option', + 'disabled', + !Meteor.user().isBoardAdmin(), + ); }); function userIsMember() { diff --git a/client/components/cards/attachments.jade b/client/components/cards/attachments.jade index 61454fa79..935d65229 100644 --- a/client/components/cards/attachments.jade +++ b/client/components/cards/attachments.jade @@ -46,9 +46,10 @@ template(name="attachmentsGalery") | {{_ 'remove-cover'}} else | {{_ 'add-cover'}} - a.js-confirm-delete - i.fa.fa-close - | {{_ 'delete'}} + if currentUser.isBoardAdmin + a.js-confirm-delete + i.fa.fa-close + | {{_ 'delete'}} if currentUser.isBoardMember unless currentUser.isCommentOnly diff --git a/client/components/cards/cardDetails.jade b/client/components/cards/cardDetails.jade index 1f0cfc834..e6c96355b 100644 --- a/client/components/cards/cardDetails.jade +++ b/client/components/cards/cardDetails.jade @@ -354,10 +354,11 @@ template(name="cardDetailsActionsPopup") a.js-start-voting i.fa.fa-thumbs-up | {{_ 'card-edit-voting'}} - li - a.js-custom-fields - i.fa.fa-list-alt - | {{_ 'card-edit-custom-fields'}} + if currentBoard.isBoardAdmin + li + a.js-custom-fields + i.fa.fa-list-alt + | {{_ 'card-edit-custom-fields'}} //li: a.js-received-date {{_ 'editCardReceivedDatePopup-title'}} //li: a.js-start-date {{_ 'editCardStartDatePopup-title'}} //li: a.js-due-date {{_ 'editCardDueDatePopup-title'}} @@ -382,10 +383,11 @@ template(name="cardDetailsActionsPopup") | {{_ 'moveCardToBottom-title'}} hr ul.pop-over-list - li - a.js-move-card - i.fa.fa-arrow-right - | {{_ 'moveCardPopup-title'}} + if currentBoard.isBoardAdmin + li + a.js-move-card + i.fa.fa-arrow-right + | {{_ 'moveCardPopup-title'}} unless currentUser.isWorker li a.js-copy-card 
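Review bot: `!Meteor.user().isBoardAdmin()` in the new `sortable('option', 'disabled', …)` call dereferences `Meteor.user()` without a null check, so it would throw whenever this code runs with no logged-in user (for example if a board can be opened without an account, which is not shown here). The expression this commit comments out in swimlanes.js `canSeeAddList()` began with `Meteor.user() &&`, and the same unguarded call is also added in swimlanes.js `initSortable` and `canSeeAddList`. A guarded form would be `const user = Meteor.user();` followed by `!(user && user.isBoardAdmin())` as the third argument. The commented-out `//$swimlanesDom.sortable(...)` line can be deleted rather than kept; the enclosing callback starts outside this hunk.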
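Review bot: The two guards added in `cardDetailsActionsPopup` (around `a.js-custom-fields` in this hunk and `a.js-move-card` in the next one) test `currentBoard.isBoardAdmin`, while every other guard in this patch tests `currentUser.isBoardAdmin`. Nothing visible here shows an `isBoardAdmin` helper on the board object; if there is none, the condition is always falsy and both menu entries disappear for board admins as well. Unless that difference is intended, use `if currentUser.isBoardAdmin` in both places.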
@@ -562,7 +564,8 @@ template(name="cardMorePopup") br | {{_ 'added'}} span.date(title=card.createdAt) {{ moment createdAt 'LLL' }} - a.js-delete(title="{{_ 'card-delete-notice'}}") {{_ 'delete'}} + if currentUser.isBoardAdmin + a.js-delete(title="{{_ 'card-delete-notice'}}") {{_ 'delete'}} template(name="setCardColorPopup") form.edit-label @@ -609,7 +612,8 @@ template(name="cardStartVotingPopup") button.primary.js-submit {{_ 'save'}} if getVoteQuestion - button.js-remove-vote.negate.wide.right {{_ 'delete'}} + if currentUser.isBoardAdmin + button.js-remove-vote.negate.wide.right {{_ 'delete'}} template(name="positiveVoteMembersPopup") ul.pop-over-list.js-card-member-list diff --git a/client/components/cards/checklists.jade b/client/components/cards/checklists.jade index a3695a5ea..a6534e87f 100644 --- a/client/components/cards/checklists.jade +++ b/client/components/cards/checklists.jade @@ -37,7 +37,8 @@ template(name="checklistDetail") .checklist-title span if canModifyCard - a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}... + if currentUser.isBoardAdmin + a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}... if canModifyCard h2.title.js-open-inlined-form.is-editable @@ -59,9 +60,10 @@ template(name="checklistDeleteDialog") | {{_ 'confirm-checklist-delete-dialog'}} span {{checklist.title}} | ? - .js-checklist-delete-buttons - button.confirm-checklist-delete(type="button") {{_ 'delete'}} - button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}} + if currentUser.isBoardAdmin + .js-checklist-delete-buttons + button.confirm-checklist-delete(type="button") {{_ 'delete'}} + button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}} template(name="addChecklistItemForm") textarea.js-add-checklist-item(rows='1' autofocus) 
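Review bot: In `checklistDeleteDialog` the new `if currentUser.isBoardAdmin` appears to wrap the whole `.js-checklist-delete-buttons` block (all three lines are re-added beneath it), so the cancel button `button.toggle-delete-checklist-dialog` is hidden together with the confirm button. If the dialog is ever rendered for a non-admin, it would show the confirmation question with no way to dismiss it. subtasks.jade in this same patch gates the `+subtaskDeleteDialog(...)` include instead; gating the checklist dialog include the same way (it lies outside this hunk), or gating only `button.confirm-checklist-delete(type="button")`, would be more consistent.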
@@ -80,7 +82,8 @@ template(name="editChecklistItemForm") a.fa.fa-times-thin.js-close-inlined-form span(title=createdAt) {{ moment createdAt }} if canModifyCard - a.js-delete-checklist-item {{_ "delete"}}... + if currentUser.isBoardAdmin + a.js-delete-checklist-item {{_ "delete"}}... template(name="checklistItems") .checklist-items.js-checklist-items diff --git a/client/components/cards/subtasks.jade b/client/components/cards/subtasks.jade index ca7e5b734..4d49ff658 100644 --- a/client/components/cards/subtasks.jade +++ b/client/components/cards/subtasks.jade @@ -2,10 +2,10 @@ template(name="subtasks") h3.card-details-item-title i.fa.fa-sitemap | {{_ 'subtasks'}} - if toggleDeleteDialog.get - .board-overlay#card-details-overlay - +subtaskDeleteDialog(subtask = subtaskToDelete) - + if currentUser.isBoardAdmin + if toggleDeleteDialog.get + .board-overlay#card-details-overlay + +subtaskDeleteDialog(subtask = subtaskToDelete) .card-subtasks-items each subtask in currentCard.subtasks @@ -28,7 +28,8 @@ template(name="subtaskDetail") span a.js-view-subtask(title="{{ subtask.title }}") {{_ "view-it"}} if canModifyCard - a.js-delete-subtask.toggle-delete-subtask-dialog {{_ "delete"}}... + if currentUser.isBoardAdmin + a.js-delete-subtask.toggle-delete-subtask-dialog {{_ "delete"}}... if canModifyCard h2.title.js-open-inlined-form.is-editable @@ -68,7 +69,8 @@ template(name="editSubtaskItemForm") a.fa.fa-times-thin.js-close-inlined-form span(title=createdAt) {{ moment createdAt }} if canModifyCard - a.js-delete-subtask-item {{_ "delete"}}... + if currentUser.isBoardAdmin + a.js-delete-subtask-item {{_ "delete"}}... template(name="subtasksItems") .subtasks-items.js-subtasks-items diff --git a/client/components/lists/listHeader.jade b/client/components/lists/listHeader.jade index fa1faf34e..843341092 100644 --- a/client/components/lists/listHeader.jade +++ b/client/components/lists/listHeader.jade 
@@ -43,8 +43,9 @@ template(name="listHeader") if canSeeAddCard a.js-add-card.fa.fa-plus.list-header-plus-icon a.fa.fa-navicon.js-open-list-menu - if showDesktopDragHandles - a.list-header-handle.handle.fa.fa-arrows.js-list-handle + if currentUser.isBoardAdmin + if showDesktopDragHandles + a.list-header-handle.handle.fa.fa-arrows.js-list-handle template(name="editListTitleForm") .list-composer @@ -115,8 +116,9 @@ template(name="listMorePopup") input.inline-input(type="text" readonly value="{{ rootUrl }}") | {{_ 'added'}} span.date(title=list.createdAt) {{ moment createdAt 'LLL' }} - unless currentUser.isWorker - a.js-delete {{_ 'delete'}} + //unless currentUser.isWorker + // if currentUser.isBoardAdmin + // a.js-delete {{_ 'delete'}} template(name="listDeletePopup") p {{_ "list-delete-pop"}} diff --git a/client/components/sidebar/sidebar.jade b/client/components/sidebar/sidebar.jade index 82ee72245..3bc6f8435 100644 --- a/client/components/sidebar/sidebar.jade +++ b/client/components/sidebar/sidebar.jade @@ -269,14 +269,16 @@ template(name="outgoingWebhooksPopup") template(name="boardMenuPopup") ul.pop-over-list - li - a.js-open-rules-view(title="{{_ 'rules'}}") - i.fa.fa-magic - | {{_ 'rules'}} - li - a.js-custom-fields - i.fa.fa-list-alt - | {{_ 'custom-fields'}} + if currentUser.isBoardAdmin + li + a.js-open-rules-view(title="{{_ 'rules'}}") + i.fa.fa-magic + | {{_ 'rules'}} + if currentUser.isBoardAdmin + li + a.js-custom-fields + i.fa.fa-list-alt + | {{_ 'custom-fields'}} li a.js-open-archives i.fa.fa-archive @@ -297,14 +299,14 @@ template(name="boardMenuPopup") i.fa.fa-flag | {{_ 'language'}} unless isSandstorm - if currentUser.isBoardAdmin - hr - ul.pop-over-list - if withApi - li - a.js-export-board - i.fa.fa-share-alt - | {{_ 'export-board'}} + hr + ul.pop-over-list + if withApi + li + a.js-export-board + i.fa.fa-share-alt + | {{_ 'export-board'}} + if currentUser.isBoardAdmin li a.js-outgoing-webhooks i.fa.fa-globe 
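Review bot: In `listMorePopup` the delete link is commented out (`//unless currentUser.isWorker`, `// if currentUser.isBoardAdmin`, `// a.js-delete {{_ 'delete'}}`) rather than gated, so it is removed for board admins too and `listDeletePopup` just below appears to lose its entry point from this popup. If admin-only deletion is the intent, enable the guard instead: `unless currentUser.isWorker`, then `if currentUser.isBoardAdmin`, then `a.js-delete {{_ 'delete'}}`. If the removal is deliberate, delete the lines instead of leaving commented-out template code behind.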
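Review bot: After this change the `hr`, `ul.pop-over-list` and `a.js-export-board` entry in the `unless isSandstorm` branch of `boardMenuPopup` are rendered with no user check at all, while the Sandstorm branch later in this file gates export with `if currentUser.isMember`. The commit message says normal users should be able to export, but with no guard the entry would also be shown to viewers who are not board members, if such viewers can open this menu. Consider `if currentUser.isBoardMember` around the export `li`, and confirm that the export endpoint itself checks board access, since that code is not part of this patch.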
@@ -317,7 +319,8 @@ template(name="boardMenuPopup") a.js-subtask-settings i.fa.fa-sitemap | {{_ 'subtask-settings'}} - unless currentBoard.isTemplatesBoard + unless currentBoard.isTemplatesBoard + if currentUser.isBoardAdmin hr ul.pop-over-list li @@ -329,20 +332,22 @@ template(name="boardMenuPopup") if isSandstorm hr ul.pop-over-list - li - a.js-export-board - i.fa.fa-share-alt - | {{_ 'export-board'}} - li - a.js-import-board - i.fa.fa-share-alt - i.fa.fa-sign-in - | {{_ 'import-board-c'}} - li - a.js-archive-board - i.fa.fa-arrow-right - i.fa.fa-archive - | {{_ 'archive-board'}} + if currentUser.isMember + li + a.js-export-board + i.fa.fa-share-alt + | {{_ 'export-board'}} + li + a.js-import-board + i.fa.fa-share-alt + i.fa.fa-sign-in + | {{_ 'import-board-c'}} + if currentUser.isBoardAdmin + li + a.js-archive-board + i.fa.fa-arrow-right + i.fa.fa-archive + | {{_ 'archive-board'}} li a.js-outgoing-webhooks i.fa.fa-globe diff --git a/client/components/sidebar/sidebarArchives.jade b/client/components/sidebar/sidebarArchives.jade index 56423ad76..c4c4cd5c2 100644 --- a/client/components/sidebar/sidebarArchives.jade +++ b/client/components/sidebar/sidebarArchives.jade @@ -5,8 +5,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-all-cards {{_ 'restore-all'}} - | - - a.js-delete-all-cards {{_ 'delete-all'}} + if currentUser.isBoardAdmin + | - + a.js-delete-all-cards {{_ 'delete-all'}} each archivedCards .minicard-wrapper.js-minicard +minicard(this) @@ -14,8 +15,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-card {{_ 'restore'}} - | - - a.js-delete-card {{_ 'delete'}} + if currentUser.isBoardAdmin + | - + a.js-delete-card {{_ 'delete'}} if cardIsInArchivedList p.quiet.small ({{_ 'warn-list-archived'}}) else 
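Review bot: The Sandstorm branch of `boardMenuPopup` gates the export and import entries with `if currentUser.isMember`, a name used nowhere else in this patch; the attachments.jade context line uses `currentUser.isBoardMember`. If the user object has no `isMember` helper, the condition is always falsy and both entries are hidden for everyone, so this is worth checking; `if currentUser.isBoardMember` was probably meant. Separately, `a.js-outgoing-webhooks` after the new `if currentUser.isBoardAdmin` is an unchanged context line, so it seems to stay outside the admin check in this branch although the non-Sandstorm branch places it under one.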
@@ -25,8 +27,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-all-lists {{_ 'restore-all'}} - | - - a.js-delete-all-lists {{_ 'delete-all'}} + if currentUser.isBoardAdmin + | - + a.js-delete-all-lists {{_ 'delete-all'}} ul.archived-lists each archivedLists li.archived-lists-item @@ -35,8 +38,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-list {{_ 'restore'}} - | - - a.js-delete-list {{_ 'delete'}} + if currentUser.isBoardAdmin + | - + a.js-delete-list {{_ 'delete'}} else li.no-items-message {{_ 'no-archived-lists'}} @@ -44,8 +48,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-all-swimlanes {{_ 'restore-all'}} - | - - a.js-delete-all-swimlanes {{_ 'delete-all'}} + if currentUser.isBoardAdmin + | - + a.js-delete-all-swimlanes {{_ 'delete-all'}} ul.archived-lists each archivedSwimlanes li.archived-lists-item @@ -54,8 +59,9 @@ template(name="archivesSidebar") unless isWorker p.quiet a.js-restore-swimlane {{_ 'restore'}} - | - - a.js-delete-swimlane {{_ 'delete'}} + if currentUser.isBoardAdmin + | - + a.js-delete-swimlane {{_ 'delete'}} else li.no-items-message {{_ 'no-archived-swimlanes'}} else diff --git a/client/components/sidebar/sidebarFilters.jade b/client/components/sidebar/sidebarFilters.jade index 6780b49d3..bfb091021 100644 --- a/client/components/sidebar/sidebarFilters.jade +++ b/client/components/sidebar/sidebarFilters.jade @@ -155,7 +155,7 @@ template(name="multiselectionSidebar") i.fa.fa-check else if someSelectedElementHave 'member' _id i.fa.fa-ellipsis-h - unless currentUser.isWorker + if currentUser.isBoardAdmin hr a.sidebar-btn.js-move-selection i.fa.fa-share diff --git a/client/components/swimlanes/swimlaneHeader.jade b/client/components/swimlanes/swimlaneHeader.jade index 9228bf75e..c7c9381e5 100644 --- a/client/components/swimlanes/swimlaneHeader.jade +++ b/client/components/swimlanes/swimlaneHeader.jade 
@@ -15,8 +15,9 @@ template(name="swimlaneFixedHeader") = title .swimlane-header-menu unless currentUser.isCommentOnly - a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon - a.fa.fa-navicon.js-open-swimlane-menu + if currentUser.isBoardAdmin + a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon + a.fa.fa-navicon.js-open-swimlane-menu unless isMiniScreen if showDesktopDragHandles a.swimlane-header-handle.handle.fa.fa-arrows.js-swimlane-header-handle diff --git a/client/components/swimlanes/swimlanes.jade b/client/components/swimlanes/swimlanes.jade index df7fede5a..cdcb1580d 100644 --- a/client/components/swimlanes/swimlanes.jade +++ b/client/components/swimlanes/swimlanes.jade @@ -45,18 +45,19 @@ template(name="listsGroup") template(name="addListForm") unless currentUser.isWorker .list.list-composer.js-list-composer(class="{{#if isMiniScreen}}mini-list{{/if}}") - .list-header-add - +inlinedForm(autoclose=false) - input.list-name-input.full-line(type="text" placeholder="{{_ 'add-list'}}" - autocomplete="off" autofocus) - .edit-controls.clearfix - button.primary.confirm(type="submit") {{_ 'save'}} - unless currentBoard.isTemplatesBoard - unless currentBoard.isTemplateBoard - span.quiet - | {{_ 'or'}} - a.js-list-template {{_ 'template'}} - else - a.open-list-composer.js-open-inlined-form - i.fa.fa-plus - | {{_ 'add-list'}} + if currentUser.isBoardAdmin + .list-header-add + +inlinedForm(autoclose=false) + input.list-name-input.full-line(type="text" placeholder="{{_ 'add-list'}}" + autocomplete="off" autofocus) + .edit-controls.clearfix + button.primary.confirm(type="submit") {{_ 'save'}} + unless currentBoard.isTemplatesBoard + unless currentBoard.isTemplateBoard + span.quiet + | {{_ 'or'}} + a.js-list-template {{_ 'template'}} + else + a.open-list-composer.js-open-inlined-form + i.fa.fa-plus + | {{_ 'add-list'}} diff --git a/client/components/swimlanes/swimlanes.js b/client/components/swimlanes/swimlanes.js index edb49ef79..e2b9369f6 100644 
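Review bot: In `addListForm` the new `if currentUser.isBoardAdmin` appears to sit inside `.list.list-composer.js-list-composer` (that line is unchanged context), so a non-admin who is not a worker would still get an empty composer container rendered. Moving the check above the wrapper, i.e. `if currentUser.isBoardAdmin` directly before `.list.list-composer.js-list-composer(...)`, avoids the empty element. Whether the caller already hides this template through `canSeeAddList` is outside this hunk.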
--- a/client/components/swimlanes/swimlanes.js +++ b/client/components/swimlanes/swimlanes.js @@ -122,7 +122,8 @@ function initSortable(boardComponent, $listsDom) { 'option', 'disabled', // Disable drag-dropping when user is not member/is worker - !userIsMember() || Meteor.user().isWorker(), + //!userIsMember() || Meteor.user().isWorker(), + !Meteor.user().isBoardAdmin(), // Not disable drag-dropping while in multi-selection mode // MultiSelection.isActive() || !userIsMember(), ); @@ -274,12 +275,13 @@ Template.swimlane.helpers({ } }, canSeeAddList() { - return ( + return Meteor.user().isBoardAdmin(); + /* Meteor.user() && Meteor.user().isBoardMember() && !Meteor.user().isCommentOnly() && !Meteor.user().isWorker() - ); + */ }, });
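Review bot: The retained comment `// Disable drag-dropping when user is not member/is worker` in `initSortable` no longer matches the condition, which now disables dragging for everyone who is not a board admin; it should read `// Disable drag-dropping unless the user is a board admin`. The old expression is left behind as `//!userIsMember() || Meteor.user().isWorker(),`, and `canSeeAddList()` in the next hunk keeps its old body inside `/* … */` after the `return`; both are dead code that version control already preserves and can be deleted. Both functions start or end outside their hunks.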