Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-06 17:48:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Try to fix User API.

Browse source 
Thanks to xet7 !

Fixes #4039
This commit is contained in:
Lauri Ojansivu 2023-01-13 21:50:39 +02:00
parent c817deef9e
commit 8092f8be28
9 changed files with 82 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

16
models/customFields.js
View file

@ -301,8 +301,8 @@ if (Meteor.isServer) {
req,
res,
) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: CustomFields.find({ boardIds: { $in: [paramBoardId] } }).map(
@ -330,9 +330,9 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/custom-fields/:customFieldId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCustomFieldId = req.params.customFieldId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: CustomFields.findOne({
@ -361,8 +361,8 @@ if (Meteor.isServer) {
req,
res,
) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const board = Boards.findOne({ _id: paramBoardId });
const id = CustomFields.direct.insert({
name: req.body.name,
@ -406,9 +406,9 @@ if (Meteor.isServer) {
'PUT',
'/api/boards/:boardId/custom-fields/:customFieldId',
(req, res) => {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramFieldId = req.params.customFieldId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
if (req.body.hasOwnProperty('name')) {
CustomFields.direct.update(
@ -479,9 +479,9 @@ if (Meteor.isServer) {
'POST',
'/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items',
(req, res) => {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCustomFieldId = req.params.customFieldId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItems = req.body.items;
if (req.body.hasOwnProperty('items')) {
@ -522,10 +522,10 @@ if (Meteor.isServer) {
'PUT',
'/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId',
(req, res) => {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramDropdownItemId = req.params.dropdownItemId;
const paramCustomFieldId = req.params.customFieldId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramName = req.body.name;
if (req.body.hasOwnProperty('name')) {
@ -563,10 +563,10 @@ if (Meteor.isServer) {
'DELETE',
'/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId',
(req, res) => {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
paramCustomFieldId = req.params.customFieldId;
paramDropdownItemId = req.params.dropdownItemId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
CustomFields.direct.update(
{ _id: paramCustomFieldId },
@ -598,8 +598,8 @@ if (Meteor.isServer) {
'DELETE',
'/api/boards/:boardId/custom-fields/:customFieldId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const id = req.params.customFieldId;
CustomFields.remove({ _id: id, boardIds: { $in: [paramBoardId] } });
JsonRoutes.sendResult(res, {