Try to fix User API.

Thanks to xet7 !

Fixes #4039
Lauri Ojansivu 2023-01-13 21:50:39 +02:00
parent c817deef9e
commit 8092f8be28
9 changed files with 82 additions and 85 deletions


@ -2002,12 +2002,12 @@ if (Meteor.isServer) {
*/
JsonRoutes.add('GET', '/api/boards/:boardId', function(req, res) {
try {
Authentication.checkUserId(req.userId);
const id = req.params.boardId;
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Boards.findOne({ _id: id }),
data: Boards.findOne({ _id: paramBoardId }),
});
} catch (error) {
JsonRoutes.sendResult(res, {
@ -2120,8 +2120,8 @@ if (Meteor.isServer) {
* @return_type string
*/
JsonRoutes.add('PUT', '/api/boards/:boardId/labels', function(req, res) {
Authentication.checkUserId(req.userId);
const id = req.params.boardId;
Authentication.checkBoardAccess(req.userId, id);
try {
if (req.body.hasOwnProperty('label')) {
const board = Boards.findOne({ _id: id });
@ -2214,8 +2214,8 @@ if (Meteor.isServer) {
* swimlaneId: string}]
*/
JsonRoutes.add('GET', '/api/boards/:boardId/attachments', function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Attachments.files
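Review bot: In the `PUT /api/boards/:boardId/labels` route (second hunk) the authorization call sits above `try {`, so if `Authentication.checkBoardAccess` signals denial by throwing (which the first hunk suggests, since the GET route keeps the call inside its `try`), the exception bypasses this route's `catch` and the error response it would send. Moving the call down, so that `try {` is followed by `Authentication.checkBoardAccess(req.userId, id);`, would make a denied request answer the same way as in `GET /api/boards/:boardId`. The attachments route in the third hunk has the same shape, with no `try` visible around its check. The added and removed sides are not marked on this page and all three route bodies continue outside their hunks, so confirm against the full file.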