diff --git a/.meteor/versions b/.meteor/versions index c61075b8a..b8fe7da6e 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -42,8 +42,8 @@ dynamic-import@0.6.0 easylogic:summernote@0.8.8 ecmascript@0.15.1 ecmascript-runtime@0.7.0 -ecmascript-runtime-client@0.11.0 -ecmascript-runtime-server@0.10.0 +ecmascript-runtime-client@0.11.1 +ecmascript-runtime-server@0.10.1 ejson@1.1.1 email@2.0.0 es5-shim@4.8.0 @@ -106,7 +106,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0 mquandalle:moment@1.0.1 mquandalle:mousetrap-bindglobal@0.0.1 msavin:usercache@1.8.0 -npm-bcrypt@0.9.3 +npm-bcrypt@0.9.4 npm-mongo@3.9.0 oauth@1.3.2 oauth2@1.3.0 @@ -211,7 +211,7 @@ tracker@1.2.0 twbs:bootstrap@3.3.6 ui@1.0.13 underscore@1.0.10 -url@1.3.1 +url@1.3.2 useraccounts:core@1.14.2 useraccounts:flow-routing@1.14.2 useraccounts:unstyled@1.14.2 diff --git a/CHANGELOG.md b/CHANGELOG.md index a1ec03d18..ba979d51e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ [Mac ChangeLog](https://github.com/wekan/wekan/wiki/Mac) -# Upcoming Wekan release +# v5.35 2021-06-14 Wekan release This release adds the following new features: @@ -9,9 +9,11 @@ This release adds the following new features: [Part 1](https://github.com/wekan/wekan/commit/7f3f0825573b1f8a7b0388e4bacbb0bd2525e886). Added Wait Spinners docs: https://github.com/wekan/wekan/wiki/Wait-Spinners . Thanks to xet7. -- [Maximize Card. In Progress](https://github.com/wekan/wekan/commit/8c572502436a2eb22bd1eb1e4069c1c9145e2070). - Thanks to xet7. -- Export Card to PDF. In Progress. +- Maximize Card. + [Part 1](https://github.com/wekan/wekan/commit/8c572502436a2eb22bd1eb1e4069c1c9145e2070), + [Part 2](https://github.com/wekan/wekan/pull/3863). + Thanks to mfilser and xet7. +- Export Card to PDF. In Progress, does not work yet. [Part 1](https://github.com/wekan/wekan/commit/a2f2ce11354a8dbfdd6759e3b65797e4be4cc6ec), [Part 2](https://github.com/wekan/wekan/commit/17acf1884850d8d95ae79493289adf18966df652). Thanks to xet7. 
@@ -28,10 +30,19 @@ and adds the following improvements: - [Add border and update label colors for better visibility](https://github.com/wekan/wekan/commit/2e1eb1e224c83f16a384316626d7a4183639d4cd). Thanks to xet7. +and adds the following updates: + +- [Updated dependencies](https://github.com/wekan/wekan/commit/f80fcfd7c0a83f4181c7a0b8beb52da9ba1446d3). + Thanks to developers of dependencies. + and fixes the following bugs: - [Manual sort number 0 accepted](https://github.com/wekan/wekan/pull/3861). Thanks to mfilser. +- Allow board members to use more of API. Please add issue (or pull request) if this allows too much. + [Part 1](https://github.com/wekan/wekan/commit/a719e8fda1f78bcbf9af6e7b4341f8be1d141e90), + [Part 2](https://github.com/wekan/wekan/commit/164b6e9070199dca36d12fa3048d6b22bf6850b0). + Thanks to JayVii and xet7. Thanks to above GitHub users for their contributions and translators for their translations. diff --git a/Stackerfile.yml b/Stackerfile.yml index bb95699c8..ee1ca2281 100644 --- a/Stackerfile.yml +++ b/Stackerfile.yml @@ -1,5 +1,5 @@ appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928 -appVersion: "v5.34.0" +appVersion: "v5.35.0" files: userUploads: - README.md diff --git a/client/components/cards/cardDetails.jade b/client/components/cards/cardDetails.jade index 4aabf2eed..e9587a558 100644 --- a/client/components/cards/cardDetails.jade +++ b/client/components/cards/cardDetails.jade @@ -1,5 +1,5 @@ template(name="cardDetails") - section.card-details.js-card-details: .card-details-canvas + section.card-details.js-card-details(class='{{#if cardMaximized}}card-details-maximized{{/if}}'): .card-details-canvas .card-details-header(class='{{#if colorClass}}card-details-{{colorClass}}{{/if}}') +inlinedForm(classNames="js-card-details-title") +editCardTitleForm diff --git a/client/components/cards/cardDetails.js b/client/components/cards/cardDetails.js index 10d5a9511..ecc72f7c4 100644 --- a/client/components/cards/cardDetails.js 
+++ b/client/components/cards/cardDetails.js @@ -412,11 +412,11 @@ BlazeComponent.extendComponent({ 'click #toggleButton'() { Meteor.call('toggleSystemMessages'); }, - 'click #js-maximize-card-details'() { + 'click .js-maximize-card-details'() { Meteor.call('toggleCardMaximized'); autosize($('.card-details')); }, - 'click #js-minimize-card-details'() { + 'click .js-minimize-card-details'() { Meteor.call('toggleCardMaximized'); autosize($('.card-details')); }, diff --git a/client/components/cards/cardDetails.styl b/client/components/cards/cardDetails.styl index 9a57a25bd..486b211a0 100644 --- a/client/components/cards/cardDetails.styl +++ b/client/components/cards/cardDetails.styl 
@@ -86,62 +86,21 @@ avatar-radius = 50% // Other card details -unless isMiniScreen - if cardMaximized - .card-details - padding: 0 - flex-shrink: 0 - flex-basis: calc(100% - 20px) - will-change: flex-basis - overflow-y: scroll - overflow-x: scroll - background: darken(white, 3%) - border-radius: bottom 3px - z-index: 1000 !important - animation: flexGrowIn 0.1s - box-shadow: 0 0 7px 0 darken(white, 30%) - transition: flex-basis 0.1s - box-sizing: border-box - position: absolute - top: 0 - left: 0 - height: calc(100% - 20px) - width: calc(100% - 20px) - float: left - - .card-details-left - position: absolute - float: left - top: 60px - left: 20px - width: 47% - - .card-details-right - position: absolute - float: right - top: 20px - left: 50% - - .card-details-header - width: 47% - -if isMiniScreen - .card-details - padding: 0 - flex-shrink: 0 - flex-basis: 600px - will-change: flex-basis - overflow-y: scroll - overflow-x: hidden - background: darken(white, 3%) - border-radius: bottom 3px - z-index: 20 !important - animation: flexGrowIn 0.1s - box-shadow: 0 0 7px 0 darken(white, 30%) - transition: flex-basis 0.1s - box-sizing: border-box - .card-details + padding: 0 + flex-shrink: 0 + flex-basis: 600px + will-change: flex-basis + overflow-y: scroll + overflow-x: hidden + background: darken(white, 3%) + border-radius: bottom 3px + z-index: 20 !important + animation: flexGrowIn 0.1s + box-shadow: 0 0 7px 0 darken(white, 30%) + transition: flex-basis 0.1s + box-sizing: border-box + .mCustomScrollBox padding-left: 0 @@ -169,7 +128,7 @@ if isMiniScreen .maximize-card-details, .minimize-card-details font-size: 24px - padding: 5px + padding: 5px 10px 5px 10px margin-right: -8px .close-card-details-mobile-web 
@@ -278,6 +237,43 @@ if isMiniScreen .activities padding-top: 10px +.card-details-maximized + padding: 0 + flex-shrink: 0 + flex-basis: calc(100% - 20px) + will-change: flex-basis + overflow-y: scroll + overflow-x: scroll + background: darken(white, 3%) + border-radius: bottom 3px + z-index: 1000 !important + animation: flexGrowIn 0.1s + box-shadow: 0 0 7px 0 darken(white, 30%) + transition: flex-basis 0.1s + box-sizing: border-box + position: absolute + top: 0 + left: 0 + height: calc(100% - 20px) + width: calc(100% - 20px) + float: left + + .card-details-left + position: absolute + float: left + top: 60px + left: 20px + width: 47% + + .card-details-right + position: absolute + float: right + top: 20px + left: 50% + + .card-details-header + width: 47% + input[type="text"].attachment-add-link-input float: left margin: 0 0 8px diff --git a/client/components/forms/forms.styl b/client/components/forms/forms.styl index a6103776c..d41ea4e62 100644 --- a/client/components/forms/forms.styl +++ b/client/components/forms/forms.styl @@ -86,7 +86,7 @@ select margin-bottom: 8px &.inline - width: 100% + width: 100% option[disabled] color: #8c8c8c diff --git a/i18n/de-CH.i18n.json b/i18n/de-CH.i18n.json index 2804e1dfb..f19f60127 100644 --- a/i18n/de-CH.i18n.json +++ b/i18n/de-CH.i18n.json @@ -82,8 +82,8 @@ "add-attachment": "Datei anhängen", "add-board": "Board hinzufügen", "add-card": "Karte hinzufügen", - "add-card-to-top-of-list": "Add Card to Top of List", - "add-card-to-bottom-of-list": "Add Card to Bottom of List", + "add-card-to-top-of-list": "Karte am Anfang der Liste hinzufügen", + "add-card-to-bottom-of-list": "Karte am Ende der Liste hinzufügen", "add-swimlane": "Swimlane hinzufügen", "add-subtask": "Teilaufgabe hinzufügen", "add-checklist": "Checkliste hinzufügen", 
@@ -133,7 +133,7 @@ "board-not-found": "Board nicht gefunden", "board-private-info": "Dieses Board wird privat sein.", "board-public-info": "Dieses Board wird öffentlich zugänglich sein.", - "board-drag-drop-reorder-or-click-open": "Drag and drop to reorder board icons. Click board icon to open board.", + "board-drag-drop-reorder-or-click-open": "Ziehen und Fallenlassen um die Board-Icons neu anzuordnen. Ein Klick auf das Board-Icon öffnet das zugehörige Board.", "boardChangeColorPopup-title": "Farbe des Boards ändern", "boardChangeTitlePopup-title": "Board umbenennen", "boardChangeVisibilityPopup-title": "Sichtbarkeit ändern", @@ -159,7 +159,7 @@ "card-due-on": "fällig am", "card-spent": "Aufgewendete Zeit", "card-edit-attachments": "Anhänge ändern", - "card-edit-custom-fields": "Benutzerdefinierte Felder editieren", + "card-edit-custom-fields": "Benutzerdefinierte Felder bearbeiten", "card-edit-labels": "Labels ändern", "card-edit-members": "Mitglieder ändern", "card-labels-title": "Labels für diese Karte ändern.", @@ -168,11 +168,11 @@ "card-start-on": "Start am", "cardAttachmentsPopup-title": "Anhängen von", "cardCustomField-datePopup-title": "Datum ändern", - "cardCustomFieldsPopup-title": "Benutzerdefinierte Felder editieren", + "cardCustomFieldsPopup-title": "Benutzerdefinierte Felder bearbeiten", "cardStartVotingPopup-title": "Abstimmung starten", "positiveVoteMembersPopup-title": "Befürworter", "negativeVoteMembersPopup-title": "Gegner", - "card-edit-voting": "Abstimmung editieren", + "card-edit-voting": "Abstimmung bearbeiten", "editVoteEndDatePopup-title": "Enddatum der Abstimmung ändern", "allowNonBoardMembers": "Alle eingeloggte Nutzer erlauben", "vote-question": "Abstimmen über", 
@@ -233,7 +233,7 @@ "close": "Schliessen", "close-board": "Board schliessen", "close-board-pop": "Sie können das Board wiederherstellen, indem Sie die Schaltfläche \"Archiv\" in der Kopfzeile der Startseite anklicken.", - "close-card": "Close Card", + "close-card": "Karte schliessen", "color-black": "schwarz", "color-blue": "blau", "color-crimson": "Karminrot", @@ -358,11 +358,11 @@ "export-board-excel": "Board nach Excel exportieren", "user-can-not-export-excel": "Benutzer kann nicht nach Excel exportieren", "export-board-html": "Board als HTML exportieren", - "export-card": "Export card", - "export-card-pdf": "Export card to PDF", - "user-can-not-export-card-to-pdf": "User can not export card to PDF", + "export-card": "Karte exportieren", + "export-card-pdf": "Karte als PDF exportieren", + "user-can-not-export-card-to-pdf": "Der Benutzer kann die Karte nicht als PDF exportieren", "exportBoardPopup-title": "Board exportieren", - "exportCardPopup-title": "Export card", + "exportCardPopup-title": "Karte exportieren", "sort": "Sortieren", "sort-desc": "Zum Sortieren der Liste klicken", "list-sort-by": "Sortieren der Liste nach:", @@ -451,8 +451,8 @@ "set-color-list": "Lege Farbe fest", "listActionPopup-title": "Listenaktionen", "settingsUserPopup-title": "Benutzereinstellungen", - "settingsTeamPopup-title": "Team Settings", - "settingsOrgPopup-title": "Organization Settings", + "settingsTeamPopup-title": "Team-Einstellungen", + "settingsOrgPopup-title": "Organisations-Einstellungen", "swimlaneActionPopup-title": "Swimlaneaktionen", "swimlaneAddPopup-title": "Swimlane unterhalb einfügen", "listImportCardPopup-title": "Eine Trello-Karte importieren", 
@@ -668,7 +668,7 @@ "setListColorPopup-title": "Farbe wählen", "assigned-by": "Zugewiesen von", "requested-by": "Angefordert von", - "card-sorting-by-number": "Card sorting by number", + "card-sorting-by-number": "Karten nach Nummer sortieren", "board-delete-notice": "Löschen kann nicht rückgängig gemacht werden. Sie werden alle Listen, Karten und Aktionen, die mit diesem Board verbunden sind, verlieren.", "delete-board-confirm-popup": "Alle Listen, Karten, Labels und Akivitäten werden gelöscht und Sie können die Inhalte des Boards nicht wiederherstellen! Die Aktion kann nicht rückgängig gemacht werden.", "boardDeletePopup-title": "Board löschen?", @@ -850,8 +850,8 @@ "act-duenow": "erinnernd an das aktuelle Fälligkeitszeitpunkt (__timeValue__) von __card__ ist jetzt", "act-atUserComment": "Sie wurden in [__board__] __list__/__card__ erwähnt", "delete-user-confirm-popup": "Sind Sie sicher, dass Sie diesen Account löschen wollen? Die Aktion kann nicht rückgängig gemacht werden.", - "delete-team-confirm-popup": "Are you sure you want to delete this team? There is no undo.", - "delete-org-confirm-popup": "Are you sure you want to delete this organization? There is no undo.", + "delete-team-confirm-popup": "Sind Sie sicher, dass Sie dieses Team löschen möchten? Es gibt kein Zurück!", + "delete-org-confirm-popup": "Sind Sie sicher, dass Sie diese Organisation löschen möchten? Es gibt kein Zurück!", "accounts-allowUserDelete": "Erlaube Benutzern ihren eigenen Account zu löschen", "hide-minicard-label-text": "Labeltext auf Minikarte ausblenden", "show-desktop-drag-handles": "Desktop-Ziehpunkte anzeigen", 
@@ -1052,8 +1052,8 @@ "Rotateplane": "Rotateplane Wait Spinner", "Scaleout": "Scaleout Wait Spinner", "Wave": "Wave Wait Spinner", - "maximize-card": "Maximize Card", - "minimize-card": "Minimize Card", + "maximize-card": "Karte maximieren", + "minimize-card": "Karte minimieren", "delete-org-warning-message": "Can not delete this organization, there is at least one user belongs to is", "delete-team-warning-message": "Can not delete this team, there is at least one user belongs to is" } diff --git a/i18n/ru.i18n.json b/i18n/ru.i18n.json index 69d4c1468..4448d9508 100644 --- a/i18n/ru.i18n.json +++ b/i18n/ru.i18n.json @@ -358,11 +358,11 @@ "export-board-excel": "Экспортировать доску в Excel", "user-can-not-export-excel": "Пользователь не может экспортировать в Excel", "export-board-html": "Экспортировать доску в HTML", - "export-card": "Export card", - "export-card-pdf": "Export card to PDF", - "user-can-not-export-card-to-pdf": "User can not export card to PDF", + "export-card": "Экспорт карточки", + "export-card-pdf": "Экспорт карточки в PDF", + "user-can-not-export-card-to-pdf": "Пользователь не может экспортировать карточку в PDF", "exportBoardPopup-title": "Экспортировать доску", - "exportCardPopup-title": "Export card", + "exportCardPopup-title": "Экспорт карточки", "sort": "Сортировать", "sort-desc": "Нажмите, чтобы отсортировать список", "list-sort-by": "Сортировать список по:", 
@@ -1049,11 +1049,11 @@ "Cube-Grid": "Сетка кубиков", "Dot": "Точки", "Double-Bounce": "Двойной прыгающий спинер ожидания", - "Rotateplane": "Rotateplane Wait Spinner", - "Scaleout": "Scaleout Wait Spinner", - "Wave": "Wave Wait Spinner", - "maximize-card": "Maximize Card", - "minimize-card": "Minimize Card", + "Rotateplane": "Врщающийся лист", + "Scaleout": "Увеличивающийся-уменьшающийся спиннер", + "Wave": "Волновой спиннер", + "maximize-card": "Максимизировать карточку", + "minimize-card": "Минимизировать карточку", "delete-org-warning-message": "Can not delete this organization, there is at least one user belongs to is", "delete-team-warning-message": "Can not delete this team, there is at least one user belongs to is" } diff --git a/models/boards.js b/models/boards.js index 0364dd9f7..ee0e09e26 100644 --- a/models/boards.js +++ b/models/boards.js @@ -1678,7 +1678,8 @@ if (Meteor.isServer) { */ JsonRoutes.add('GET', '/api/boards', function(req, res) { try { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); JsonRoutes.sendResult(res, { code: 200, data: Boards.find( @@ -1852,7 +1853,8 @@ if (Meteor.isServer) { * @return_type string */ JsonRoutes.add('PUT', '/api/boards/:boardId/labels', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const id = req.params.boardId; try { if (req.body.hasOwnProperty('label')) { diff --git a/models/cardComments.js b/models/cardComments.js index e77ae164b..799b541d8 100644 --- a/models/cardComments.js +++ b/models/cardComments.js @@ -192,8 +192,8 @@ if (Meteor.isServer) { res, ) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { code: 200, 
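Review bot: `req.params.boardId` is always undefined in the `GET /api/boards` handler, because the route path has no `:boardId` segment, so the added `Authentication.checkBoardAccess(req.userId, paramBoardId)` is evaluated against no board at all. Depending on how checkBoardAccess (defined outside this diff) treats an undefined id, the route either fails for every caller or no longer applies the restriction that `checkUserId` placed on a listing of boards. Keep `Authentication.checkUserId(req.userId);` here, or, if board members are meant to call this route, limit the `Boards.find(` selector to boards the caller belongs to. The handler body continues outside the hunk.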
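Review bot: `PUT /api/boards/:boardId/labels` is a write, and its only gate is now `Authentication.checkBoardAccess`, whose definition is not part of this diff. If that helper passes anyone who may view the board (read-only or comment-only members, or callers of a public board), it is too weak for modifying operations. The same applies to the card PUT/DELETE, comment DELETE, checklist and checklist-item DELETE, custom-field POST/PUT/DELETE and list/swimlane POST/DELETE hunks under models/. Consider a separate edit-level check on those routes and keeping checkBoardAccess for the GET routes, with a comment such as `// write route: caller must be allowed to edit this board, not only view it` above each call.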
@@ -230,8 +230,8 @@ if (Meteor.isServer) { '/api/boards/:boardId/cards/:cardId/comments/:commentId', function(req, res) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { @@ -266,8 +266,8 @@ if (Meteor.isServer) { '/api/boards/:boardId/cards/:cardId/comments', function(req, res) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCardId = req.params.cardId; const id = CardComments.direct.insert({ userId: req.body.authorId, @@ -312,8 +312,8 @@ if (Meteor.isServer) { '/api/boards/:boardId/cards/:cardId/comments/:commentId', function(req, res) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; CardComments.remove({ diff --git a/models/cards.js b/models/cards.js index 28ffb4022..08716e68e 100644 --- a/models/cards.js +++ b/models/cards.js @@ -3308,8 +3308,8 @@ if (Meteor.isServer) { 'PUT', '/api/boards/:boardId/lists/:listId/cards/:cardId', function(req, res) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCardId = req.params.cardId; const paramListId = req.params.listId; @@ -3666,8 +3666,8 @@ if (Meteor.isServer) { 'DELETE', '/api/boards/:boardId/lists/:listId/cards/:cardId', function(req, res) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramListId = req.params.listId; const paramCardId = req.params.cardId; 
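Review bot: The comment author in the `POST /api/boards/:boardId/cards/:cardId/comments` handler is still taken from the request body (`userId: req.body.authorId`), so any caller who passes the new `checkBoardAccess` can store a comment under another user's id. That was presumably acceptable while the route sat behind `checkUserId`, but it becomes an authorship-spoofing problem once ordinary board members can reach it. Unless posting on behalf of others is intended, use `userId: req.userId,` or reject the request when `req.body.authorId` differs from `req.userId` for non-admin callers. The insert call continues outside the hunk.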
diff --git a/models/checklistItems.js b/models/checklistItems.js index afcd9081a..fb543716b 100644 --- a/models/checklistItems.js +++ b/models/checklistItems.js @@ -265,7 +265,8 @@ if (Meteor.isServer) { 'GET', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramItemId = req.params.itemId; const checklistItem = ChecklistItems.findOne({ _id: paramItemId }); if (checklistItem) { @@ -298,7 +299,8 @@ if (Meteor.isServer) { 'PUT', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramItemId = req.params.itemId; @@ -349,7 +351,8 @@ if (Meteor.isServer) { 'DELETE', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramItemId = req.params.itemId; ChecklistItems.direct.remove({ _id: paramItemId }); JsonRoutes.sendResult(res, { diff --git a/models/checklists.js b/models/checklists.js index fbc82610d..d02e848c8 100644 --- a/models/checklists.js +++ b/models/checklists.js @@ -204,7 +204,8 @@ if (Meteor.isServer) { 'GET', '/api/boards/:boardId/cards/:cardId/checklists', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCardId = req.params.cardId; const checklists = Checklists.find({ cardId: paramCardId }).map(function( doc, 
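Review bot: The access check is made on the `:boardId` from the URL, but the checklist-item handlers then select by id alone (`ChecklistItems.findOne({ _id: paramItemId })`, `ChecklistItems.direct.remove({ _id: paramItemId })`), so nothing ties the object being read or deleted to the board that was authorised. The checklist hunks have the same gap (`Checklists.find({ cardId: paramCardId })`, `Checklists.remove({ _id: paramChecklistId })`). The custom-field PUT and dropdown-item hunks read only `customFieldId` in their visible lines, so their selectors should be checked too. Before acting, verify that the card named by `req.params.cardId` belongs to `paramBoardId`, and add the parent ids to each selector, for example `Checklists.remove({ _id: paramChecklistId, cardId: paramCardId })`. `Lists.remove({ _id: paramListId, boardId: paramBoardId })` in models/lists.js already follows that pattern.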
@@ -247,7 +248,8 @@ if (Meteor.isServer) { 'GET', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramChecklistId = req.params.checklistId; const paramCardId = req.params.cardId; const checklist = Checklists.findOne({ @@ -351,7 +353,8 @@ if (Meteor.isServer) { 'DELETE', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function(req, res) { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramChecklistId = req.params.checklistId; Checklists.remove({ _id: paramChecklistId }); JsonRoutes.sendResult(res, { diff --git a/models/customFields.js b/models/customFields.js index 9f5db0667..debd35c6a 100644 --- a/models/customFields.js +++ b/models/customFields.js @@ -294,8 +294,8 @@ if (Meteor.isServer) { req, res, ) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); JsonRoutes.sendResult(res, { code: 200, data: CustomFields.find({ boardIds: { $in: [paramBoardId] } }).map( @@ -323,8 +323,8 @@ if (Meteor.isServer) { 'GET', '/api/boards/:boardId/custom-fields/:customFieldId', function(req, res) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCustomFieldId = req.params.customFieldId; JsonRoutes.sendResult(res, { code: 200, @@ -353,8 +353,8 @@ if (Meteor.isServer) { req, res, ) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const board = Boards.findOne({ _id: paramBoardId }); const id = CustomFields.direct.insert({ name: req.body.name, 
@@ -396,7 +396,8 @@ if (Meteor.isServer) { 'PUT', '/api/boards/:boardId/custom-fields/:customFieldId', (req, res) => { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramFieldId = req.params.customFieldId; @@ -461,7 +462,8 @@ if (Meteor.isServer) { 'POST', '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items', (req, res) => { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramCustomFieldId = req.params.customFieldId; const paramItems = req.body.items; @@ -504,7 +506,8 @@ if (Meteor.isServer) { 'PUT', '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId', (req, res) => { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramDropdownItemId = req.params.dropdownItemId; const paramCustomFieldId = req.params.customFieldId; @@ -545,7 +548,8 @@ if (Meteor.isServer) { 'DELETE', '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId', (req, res) => { - Authentication.checkUserId(req.userId); + const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); paramCustomFieldId = req.params.customFieldId; paramDropdownItemId = req.params.dropdownItemId; @@ -580,8 +584,8 @@ if (Meteor.isServer) { 'DELETE', '/api/boards/:boardId/custom-fields/:customFieldId', function(req, res) { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const id = req.params.customFieldId; CustomFields.remove({ _id: id, boardIds: { $in: [paramBoardId] } }); JsonRoutes.sendResult(res, { diff --git a/models/lists.js b/models/lists.js index 29f71eb01..4bd9839a3 100644 --- a/models/lists.js 
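Review bot: In the `DELETE .../dropdown-items/:dropdownItemId` handler, the new `const paramBoardId` sits directly above `paramCustomFieldId = req.params.customFieldId;` and `paramDropdownItemId = req.params.dropdownItemId;`, which are assigned without a declaration. These are probably created as shared globals rather than per-request locals, so a concurrent request could overwrite them between the access check and the database write. Declare both with `const`, as the sibling PUT handler does. The rest of the handler is outside the hunk.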
+++ b/models/lists.js @@ -531,8 +531,8 @@ if (Meteor.isServer) { */ JsonRoutes.add('POST', '/api/boards/:boardId/lists', function(req, res) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const board = Boards.findOne(paramBoardId); const id = Lists.insert({ title: req.body.title, @@ -569,8 +569,8 @@ if (Meteor.isServer) { res, ) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const paramListId = req.params.listId; Lists.remove({ _id: paramListId, boardId: paramBoardId }); JsonRoutes.sendResult(res, { diff --git a/models/swimlanes.js b/models/swimlanes.js index 78e8b2062..095268a8c 100644 --- a/models/swimlanes.js +++ b/models/swimlanes.js @@ -454,8 +454,8 @@ if (Meteor.isServer) { */ JsonRoutes.add('POST', '/api/boards/:boardId/swimlanes', function(req, res) { try { - Authentication.checkUserId(req.userId); const paramBoardId = req.params.boardId; + Authentication.checkBoardAccess(req.userId, paramBoardId); const board = Boards.findOne(paramBoardId); const id = Swimlanes.insert({ title: req.body.title, diff --git a/package-lock.json b/package-lock.json index 3bb1163f3..639188d5b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "wekan", - "version": "v5.34.0", + "version": "v5.35.0", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/package.json b/package.json index 3c7ec3af7..4d28fc99c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "wekan", - "version": "v5.34.0", + "version": "v5.35.0", "description": "Open-Source kanban", "private": true, "repository": { diff --git a/public/api/wekan.html b/public/api/wekan.html index da2758133..626f0726e 100644 --- a/public/api/wekan.html +++ b/public/api/wekan.html @@ -7,7 +7,7 @@ - Wekan REST API v5.34 + Wekan REST API v5.35 
@@ -1553,7 +1553,7 @@ var n=this.pipeline.run(e.tokenizer(t)),r=new e.Vector,i=[],o=this._fields.reduc