Prevent normal user deleting or modifying too much.

Allow normal user to export board. Thanks to Samunosuke, pgh2357 and xet7 ! Related #3377
2025-12-16 15:30:13 +01:00 · 2020-12-15 11:52:57 +02:00 · 2020-12-15 11:52:57 +02:00 · 4a205fcfcb
commit 4a205fcfcb
parent f6c0700633
13 changed files with 129 additions and 96 deletions
--- a/client/components/boards/boardArchive.jade
+++ b/client/components/boards/boardArchive.jade
@ -7,6 +7,7 @@ template(name="archivedBoards")
    each archivedBoards
      li.archived-lists-item
        div.board-header-btns
+          if currentUser.isBoardAdmin
            button.board-header-btn.js-delete-board
              i.fa.fa-trash-o
              | {{_ 'delete-board'}}
--- a/client/components/boards/boardBody.js
+++ b/client/components/boards/boardBody.js
@ -211,7 +211,12 @@ BlazeComponent.extendComponent({
      }

      // Disable drag-dropping if the current user is not a board member
-      $swimlanesDom.sortable('option', 'disabled', !userIsMember());
+      //$swimlanesDom.sortable('option', 'disabled', !userIsMember());
+      $swimlanesDom.sortable(
+        'option',
+        'disabled',
+        !Meteor.user().isBoardAdmin(),
+      );
    });

    function userIsMember() {
--- a/client/components/cards/attachments.jade
+++ b/client/components/cards/attachments.jade
@ -46,6 +46,7 @@ template(name="attachmentsGalery")
                        | {{_ 'remove-cover'}}
                      else
                        | {{_ 'add-cover'}}
+                  if currentUser.isBoardAdmin
                    a.js-confirm-delete
                      i.fa.fa-close
                      | {{_ 'delete'}}
--- a/client/components/cards/cardDetails.jade
+++ b/client/components/cards/cardDetails.jade
@ -354,6 +354,7 @@ template(name="cardDetailsActionsPopup")
          a.js-start-voting
            i.fa.fa-thumbs-up
            | {{_ 'card-edit-voting'}}
+        if currentBoard.isBoardAdmin
          li
            a.js-custom-fields
              i.fa.fa-list-alt
@ -382,6 +383,7 @@ template(name="cardDetailsActionsPopup")
          | {{_ 'moveCardToBottom-title'}}
      hr
    ul.pop-over-list
+      if currentBoard.isBoardAdmin
        li
          a.js-move-card
            i.fa.fa-arrow-right
@ -562,6 +564,7 @@ template(name="cardMorePopup")
    br
    | {{_ 'added'}}
    span.date(title=card.createdAt) {{ moment createdAt 'LLL' }}
+    if currentUser.isBoardAdmin
      a.js-delete(title="{{_ 'card-delete-notice'}}") {{_ 'delete'}}

 template(name="setCardColorPopup")
@ -609,6 +612,7 @@ template(name="cardStartVotingPopup")

    button.primary.js-submit {{_ 'save'}}
    if getVoteQuestion
+      if currentUser.isBoardAdmin
        button.js-remove-vote.negate.wide.right {{_ 'delete'}}

 template(name="positiveVoteMembersPopup")
--- a/client/components/cards/checklists.jade
+++ b/client/components/cards/checklists.jade
@ -37,6 +37,7 @@ template(name="checklistDetail")
      .checklist-title
        span
        if canModifyCard
+          if currentUser.isBoardAdmin
            a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}...

        if canModifyCard
@ -59,6 +60,7 @@ template(name="checklistDeleteDialog")
      | {{_ 'confirm-checklist-delete-dialog'}}
      span {{checklist.title}}
      | ?
+    if currentUser.isBoardAdmin
      .js-checklist-delete-buttons
        button.confirm-checklist-delete(type="button") {{_ 'delete'}}
        button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}}
@ -80,6 +82,7 @@ template(name="editChecklistItemForm")
    a.fa.fa-times-thin.js-close-inlined-form
    span(title=createdAt) {{ moment createdAt }}
    if canModifyCard
+      if currentUser.isBoardAdmin
        a.js-delete-checklist-item {{_ "delete"}}...

 template(name="checklistItems")
--- a/client/components/cards/subtasks.jade
+++ b/client/components/cards/subtasks.jade
@ -2,11 +2,11 @@ template(name="subtasks")
  h3.card-details-item-title
    i.fa.fa-sitemap
    | {{_ 'subtasks'}}
+  if currentUser.isBoardAdmin
    if toggleDeleteDialog.get
      .board-overlay#card-details-overlay
      +subtaskDeleteDialog(subtask = subtaskToDelete)

-
  .card-subtasks-items
    each subtask in currentCard.subtasks
      +subtaskDetail(subtask = subtask)
@ -28,6 +28,7 @@ template(name="subtaskDetail")
        span
        a.js-view-subtask(title="{{ subtask.title }}") {{_ "view-it"}}
        if canModifyCard
+          if currentUser.isBoardAdmin
            a.js-delete-subtask.toggle-delete-subtask-dialog {{_ "delete"}}...

        if canModifyCard
@ -68,6 +69,7 @@ template(name="editSubtaskItemForm")
    a.fa.fa-times-thin.js-close-inlined-form
    span(title=createdAt) {{ moment createdAt }}
    if canModifyCard
+      if currentUser.isBoardAdmin
        a.js-delete-subtask-item {{_ "delete"}}...

 template(name="subtasksItems")
--- a/client/components/lists/listHeader.jade
+++ b/client/components/lists/listHeader.jade
@ -43,6 +43,7 @@ template(name="listHeader")
            if canSeeAddCard
              a.js-add-card.fa.fa-plus.list-header-plus-icon
            a.fa.fa-navicon.js-open-list-menu
+          if currentUser.isBoardAdmin
            if showDesktopDragHandles
              a.list-header-handle.handle.fa.fa-arrows.js-list-handle

@ -115,8 +116,9 @@ template(name="listMorePopup")
      input.inline-input(type="text" readonly value="{{ rootUrl }}")
    | {{_ 'added'}}
    span.date(title=list.createdAt) {{ moment createdAt 'LLL' }}
-    unless currentUser.isWorker
-      a.js-delete {{_ 'delete'}}
+    //unless currentUser.isWorker
+    //  if currentUser.isBoardAdmin
+    //    a.js-delete {{_ 'delete'}}

 template(name="listDeletePopup")
  p {{_ "list-delete-pop"}}
--- a/client/components/sidebar/sidebar.jade
+++ b/client/components/sidebar/sidebar.jade
@ -269,10 +269,12 @@ template(name="outgoingWebhooksPopup")

 template(name="boardMenuPopup")
  ul.pop-over-list
+    if currentUser.isBoardAdmin
      li
        a.js-open-rules-view(title="{{_ 'rules'}}")
          i.fa.fa-magic
          | {{_ 'rules'}}
+    if currentUser.isBoardAdmin
      li
        a.js-custom-fields
          i.fa.fa-list-alt
@ -297,7 +299,6 @@ template(name="boardMenuPopup")
          i.fa.fa-flag
          | {{_ 'language'}}
  unless isSandstorm
-    if currentUser.isBoardAdmin
    hr
    ul.pop-over-list
      if withApi
@ -305,6 +306,7 @@ template(name="boardMenuPopup")
          a.js-export-board
            i.fa.fa-share-alt
            | {{_ 'export-board'}}
+      if currentUser.isBoardAdmin
        li
          a.js-outgoing-webhooks
            i.fa.fa-globe
@ -318,6 +320,7 @@ template(name="boardMenuPopup")
            i.fa.fa-sitemap
            | {{_ 'subtask-settings'}}
    unless currentBoard.isTemplatesBoard
+      if currentUser.isBoardAdmin
        hr
        ul.pop-over-list
          li
@ -329,6 +332,7 @@ template(name="boardMenuPopup")
  if isSandstorm
    hr
    ul.pop-over-list
+      if currentUser.isMember
        li
          a.js-export-board
            i.fa.fa-share-alt
@ -338,6 +342,7 @@ template(name="boardMenuPopup")
            i.fa.fa-share-alt
            i.fa.fa-sign-in
            | {{_ 'import-board-c'}}
+      if currentUser.isBoardAdmin
        li
          a.js-archive-board
            i.fa.fa-arrow-right
--- a/client/components/sidebar/sidebarArchives.jade
+++ b/client/components/sidebar/sidebarArchives.jade
@ -5,6 +5,7 @@ template(name="archivesSidebar")
        unless isWorker
          p.quiet
            a.js-restore-all-cards {{_ 'restore-all'}}
+            if currentUser.isBoardAdmin
              | -
              a.js-delete-all-cards {{_ 'delete-all'}}
        each archivedCards
@ -14,6 +15,7 @@ template(name="archivesSidebar")
            unless isWorker
              p.quiet
                a.js-restore-card {{_ 'restore'}}
+                if currentUser.isBoardAdmin
                  | -
                  a.js-delete-card {{_ 'delete'}}
            if cardIsInArchivedList
@ -25,6 +27,7 @@ template(name="archivesSidebar")
        unless isWorker
          p.quiet
            a.js-restore-all-lists {{_ 'restore-all'}}
+            if currentUser.isBoardAdmin
              | -
              a.js-delete-all-lists {{_ 'delete-all'}}
        ul.archived-lists
@ -35,6 +38,7 @@ template(name="archivesSidebar")
                unless isWorker
                  p.quiet
                    a.js-restore-list {{_ 'restore'}}
+                    if currentUser.isBoardAdmin
                      | -
                      a.js-delete-list {{_ 'delete'}}
          else
@ -44,6 +48,7 @@ template(name="archivesSidebar")
        unless isWorker
          p.quiet
            a.js-restore-all-swimlanes {{_ 'restore-all'}}
+            if currentUser.isBoardAdmin
              | -
              a.js-delete-all-swimlanes {{_ 'delete-all'}}
        ul.archived-lists
@ -54,6 +59,7 @@ template(name="archivesSidebar")
                unless isWorker
                  p.quiet
                    a.js-restore-swimlane {{_ 'restore'}}
+                    if currentUser.isBoardAdmin
                      | -
                      a.js-delete-swimlane {{_ 'delete'}}
          else
--- a/client/components/sidebar/sidebarFilters.jade
+++ b/client/components/sidebar/sidebarFilters.jade
@ -155,7 +155,7 @@ template(name="multiselectionSidebar")
              i.fa.fa-check
            else if someSelectedElementHave 'member' _id
              i.fa.fa-ellipsis-h
-  unless currentUser.isWorker
+  if currentUser.isBoardAdmin
    hr
    a.sidebar-btn.js-move-selection
      i.fa.fa-share
--- a/client/components/swimlanes/swimlaneHeader.jade
+++ b/client/components/swimlanes/swimlaneHeader.jade
@ -15,6 +15,7 @@ template(name="swimlaneFixedHeader")
        = title
  .swimlane-header-menu
    unless currentUser.isCommentOnly
+      if currentUser.isBoardAdmin
        a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon
        a.fa.fa-navicon.js-open-swimlane-menu
      unless isMiniScreen
--- a/client/components/swimlanes/swimlanes.jade
+++ b/client/components/swimlanes/swimlanes.jade
@ -45,6 +45,7 @@ template(name="listsGroup")
 template(name="addListForm")
  unless currentUser.isWorker
    .list.list-composer.js-list-composer(class="{{#if isMiniScreen}}mini-list{{/if}}")
+      if currentUser.isBoardAdmin
        .list-header-add
          +inlinedForm(autoclose=false)
            input.list-name-input.full-line(type="text" placeholder="{{_ 'add-list'}}"
--- a/client/components/swimlanes/swimlanes.js
+++ b/client/components/swimlanes/swimlanes.js
@ -122,7 +122,8 @@ function initSortable(boardComponent, $listsDom) {
        'option',
        'disabled',
        // Disable drag-dropping when user is not member/is worker
-        !userIsMember() || Meteor.user().isWorker(),
+        //!userIsMember() || Meteor.user().isWorker(),
+        !Meteor.user().isBoardAdmin(),
        // Not disable drag-dropping while in multi-selection mode
        // MultiSelection.isActive() || !userIsMember(),
      );
@ -274,12 +275,13 @@ Template.swimlane.helpers({
    }
  },
  canSeeAddList() {
-    return (
+    return Meteor.user().isBoardAdmin();
+    /*
      Meteor.user() &&
      Meteor.user().isBoardMember() &&
      !Meteor.user().isCommentOnly() &&
      !Meteor.user().isWorker()
-    );
+      */
  },
 });