Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-03-13 00:46:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Try to fix User API.

Browse source 
Thanks to xet7 !

Fixes #4039
This commit is contained in:
Lauri Ojansivu 2023-01-13 21:50:39 +02:00
parent c817deef9e
commit 8092f8be28
9 changed files with 82 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

8
models/cardComments.js
View file

@ -235,9 +235,9 @@ if (Meteor.isServer) {
res,
) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCardId = req.params.cardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: CardComments.find({
@ -273,10 +273,10 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments/:commentId',
function (req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCommentId = req.params.commentId;
const paramCardId = req.params.cardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: CardComments.findOne({
@ -309,9 +309,9 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments',
function (req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCardId = req.params.cardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const id = CardComments.direct.insert({
userId: req.body.authorId,
text: req.body.comment,
@ -355,10 +355,10 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments/:commentId',
function (req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCommentId = req.params.commentId;
const paramCardId = req.params.cardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
CardComments.remove({
_id: paramCommentId,
cardId: paramCardId,