diff --git a/models/lists.js b/models/lists.js
index 7564f7dbb..4eb4574f1 100644
--- a/models/lists.js
+++ b/models/lists.js
@@ -425,15 +425,44 @@ Meteor.methods({
 applyWipLimit(listId, limit) {
 check(listId, String);
 check(limit, Number);
+
+ if (!this.userId) {
+ throw new Meteor.Error('not-authorized', 'You must be logged in.');
+ }
+
+ const list = ReactiveCache.getList(listId);
+ if (!list) {
+ throw new Meteor.Error('list-not-found', 'List not found');
+ }
+
+ const board = ReactiveCache.getBoard(list.boardId);
+ if (!board || !board.hasAdmin(this.userId)) {
+ throw new Meteor.Error('not-authorized', 'You must be a board admin to modify WIP limits.');
+ }
+
 if (limit === 0) {
 limit = 1;
 }
- ReactiveCache.getList(listId).setWipLimit(limit);
+ list.setWipLimit(limit);
 },
 
 enableWipLimit(listId) {
 check(listId, String);
+
+ if (!this.userId) {
+ throw new Meteor.Error('not-authorized', 'You must be logged in.');
+ }
+
 const list = ReactiveCache.getList(listId);
+ if (!list) {
+ throw new Meteor.Error('list-not-found', 'List not found');
+ }
+
+ const board = ReactiveCache.getBoard(list.boardId);
+ if (!board || !board.hasAdmin(this.userId)) {
+ throw new Meteor.Error('not-authorized', 'You must be a board admin to modify WIP limits.');
+ }
+
 if (list.getWipLimit('value') === 0) {
 list.setWipLimit(1);
 }
@@ -442,7 +471,21 @@ Meteor.methods({
 
 enableSoftLimit(listId) {
 check(listId, String);
+
+ if (!this.userId) {
+ throw new Meteor.Error('not-authorized', 'You must be logged in.');
+ }
+
 const list = ReactiveCache.getList(listId);
+ if (!list) {
+ throw new Meteor.Error('list-not-found', 'List not found');
+ }
+
+ const board = ReactiveCache.getBoard(list.boardId);
+ if (!board || !board.hasAdmin(this.userId)) {
+ throw new Meteor.Error('not-authorized', 'You must be a board admin to modify WIP limits.');
+ }
+
 list.toggleSoftLimit(!list.getWipLimit('soft'));
 },
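Review bot: In applyWipLimit the only validation on the value itself is still `check(limit, Number)` followed by `if (limit === 0)`, so a negative or fractional limit such as `-3` or `2.5` reaches `list.setWipLimit(limit)` unchanged once the caller passes the new admin check. Since this commit is hardening the method, I would tighten the input as well: `check(limit, Match.Integer);` and `if (limit < 1) { limit = 1; }`, assuming `Match` is in scope alongside `check` in this file. Whether setWipLimit or the collection schema already rejects such values is not visible in the hunk, so treat this as a defence-in-depth check at the method boundary. The enableWipLimit body continues past the end of this hunk.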
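Review bot: The login, list-lookup and board-admin block added to enableSoftLimit is the third verbatim copy in this commit; the other two are in applyWipLimit and enableWipLimit in the previous hunk. An authorization rule kept in three places tends to drift, and the next method added to this group can easily miss it. I would move it into one helper that takes the user id and list id, throws the same Meteor.Error values, and returns the list, then call it from all three methods. The Meteor.methods object starts and ends outside the hunk, so where the helper should live in the file is not visible here.

```javascript
// Shared guard for the WIP-limit methods: returns the list, or throws if the
// caller is not logged in, the list is missing, or the caller is not a board admin.
function getListForBoardAdmin(userId, listId) {
  if (!userId) {
    throw new Meteor.Error('not-authorized', 'You must be logged in.');
  }
  const list = ReactiveCache.getList(listId);
  if (!list) {
    throw new Meteor.Error('list-not-found', 'List not found');
  }
  const board = ReactiveCache.getBoard(list.boardId);
  if (!board || !board.hasAdmin(userId)) {
    throw new Meteor.Error('not-authorized', 'You must be a board admin to modify WIP limits.');
  }
  return list;
}

  enableSoftLimit(listId) {
    check(listId, String);
    const list = getListForBoardAdmin(this.userId, listId);
    // … unchanged: toggleSoftLimit call …
```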