Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-09-22 01:50:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Changed GET /api/boards/:id to allow access by the normally also allowed users.

Browse source
This commit is contained in:
mayjs 2017-05-15 19:43:53 +02:00
parent ef6f2e8d62
commit 95e2025ff9
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
models/boards.js
View file

@ -557,7 +557,6 @@ if (Meteor.isServer) {
//BOARDS REST API //BOARDS REST API
if (Meteor.isServer) { if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) { JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) {
// TODO: This should be changed to be less restrictive!
Authentication.checkLoggedIn(req.userId); Authentication.checkLoggedIn(req.userId);
const data = Boards.find({ const data = Boards.find({
@ -589,8 +588,12 @@ if (Meteor.isServer) {
}); });
JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) { JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
Authentication.checkUserId( req.userId); Authentication.checkLoggedIn( req.userId);
const id = req.params.id; const id = req.params.id;
const board = Boards.findOne({ _id: id });
const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
Authentication.checkAdminOrCondition(req.userId, normalAccess);
JsonRoutes.sendResult(res, { JsonRoutes.sendResult(res, {
code: 200, code: 200,
data: Boards.findOne({ _id: id }), data: Boards.findOne({ _id: id }),