Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-22 10:20:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix lint errors back to eslint requirements.

Browse source
This commit is contained in:
Lauri Ojansivu 2018-05-18 15:20:20 +03:00
parent ef99e6a6b1
commit 9b465bc98b
3 changed files with 96 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

170
models/attachments.js
View file

@ -1,90 +1,90 @@
Attachments = new FS.Collection('attachments', { Attachments = new FS.Collection('attachments', {
stores: [ stores: [
// XXX Add a new store for cover thumbnails so we don't load big images in // XXX Add a new store for cover thumbnails so we don't load big images in
// the general board view // the general board view
new FS.Store.GridFS('attachments', { new FS.Store.GridFS('attachments', {
// If the uploaded document is not an image we need to enforce browser // If the uploaded document is not an image we need to enforce browser
// download instead of execution. This is particularly important for HTML // download instead of execution. This is particularly important for HTML
// files that the browser will just execute if we don't serve them with the // files that the browser will just execute if we don't serve them with the
// appropriate `application/octet-stream` MIME header which can lead to user // appropriate `application/octet-stream` MIME header which can lead to user
// data leaks. I imagine other formats (like PDF) can also be attack vectors. // data leaks. I imagine other formats (like PDF) can also be attack vectors.
// See https://github.com/wekan/wekan/issues/99 // See https://github.com/wekan/wekan/issues/99
// XXX Should we use `beforeWrite` option of CollectionFS instead of // XXX Should we use `beforeWrite` option of CollectionFS instead of
// collection-hooks? // collection-hooks?
// We should use `beforeWrite`. // We should use `beforeWrite`.
beforeWrite: (fileObj) => { beforeWrite: (fileObj) => {
if (!fileObj.isImage()) { if (!fileObj.isImage()) {
return { return {
type: 'application/octet-stream', type: 'application/octet-stream',
}; };
} }
return {}; return {};
},
}),
],
});
if (Meteor.isServer) {
Attachments.allow({
insert(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
update(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
remove(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
// We authorize the attachment download either:
// - if the board is public, everyone (even unconnected) can download it
// - if the board is private, only board members can download it
download(userId, doc) {
const board = Boards.findOne(doc.boardId);
if (board.isPublic()) {
return true;
} else {
return board.hasMember(userId);
}
},
fetch: ['boardId'],
});
}
// XXX Enforce a schema for the Attachments CollectionFS
if (Meteor.isServer) {
Attachments.files.after.insert((userId, doc) => {
// If the attachment doesn't have a source field
// or its source is different than import
if (!doc.source || doc.source !== 'import') {
// Add activity about adding the attachment
Activities.insert({
userId,
type: 'card',
activityType: 'addAttachment',
attachmentId: doc._id,
boardId: doc.boardId,
cardId: doc.cardId,
});
} else {
// Don't add activity about adding the attachment as the activity
// be imported and delete source field
Attachments.update({
_id: doc._id,
}, {
$unset: {
source: '',
}, },
}), });
], }
}); });
Attachments.files.after.remove((userId, doc) => {
if (Meteor.isServer) { Activities.remove({
Attachments.allow({ attachmentId: doc._id,
insert(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
update(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
remove(userId, doc) {
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
},
// We authorize the attachment download either:
// - if the board is public, everyone (even unconnected) can download it
// - if the board is private, only board members can download it
download(userId, doc) {
const board = Boards.findOne(doc.boardId);
if (board.isPublic()) {
return true;
} else {
return board.hasMember(userId);
}
},
fetch: ['boardId'],
}); });
} });
}
// XXX Enforce a schema for the Attachments CollectionFS
if (Meteor.isServer) {
Attachments.files.after.insert((userId, doc) => {
// If the attachment doesn't have a source field
// or its source is different than import
if (!doc.source || doc.source !== 'import') {
// Add activity about adding the attachment
Activities.insert({
userId,
type: 'card',
activityType: 'addAttachment',
attachmentId: doc._id,
boardId: doc.boardId,
cardId: doc.cardId,
});
} else {
// Don't add activity about adding the attachment as the activity
// be imported and delete source field
Attachments.update({
_id: doc._id,
}, {
$unset: {
source: '',
},
});
}
});
Attachments.files.after.remove((userId, doc) => {
Activities.remove({
attachmentId: doc._id,
});
});
}

10
sandstorm.js
View file

@ -75,7 +75,7 @@ if (isSandstorm && Meteor.isServer) {
session.claimRequest(token).then((response) => { session.claimRequest(token).then((response) => {
const identity = response.cap.castAs(Identity.Identity); const identity = response.cap.castAs(Identity.Identity);
const promises = [api.getIdentityId(identity), identity.getProfile(), const promises = [api.getIdentityId(identity), identity.getProfile(),
httpBridge.saveIdentity(identity)]; httpBridge.saveIdentity(identity)];
return Promise.all(promises).then((responses) => { return Promise.all(promises).then((responses) => {
const identityId = responses[0].id.toString('hex').slice(0, 32); const identityId = responses[0].id.toString('hex').slice(0, 32);
const profile = responses[1].profile; const profile = responses[1].profile;
@ -115,9 +115,9 @@ if (isSandstorm && Meteor.isServer) {
const identity = response.identity; const identity = response.identity;
return identity.getProfile().then(() => { return identity.getProfile().then(() => {
return { identity, return { identity,
mentioned: !!user.mentioned, mentioned: !!user.mentioned,
subscribed: !!user.subscribed, subscribed: !!user.subscribed,
}; };
}); });
}).catch(() => { }).catch(() => {
// Ignore identities that fail to restore. Either they were added before we set // Ignore identities that fail to restore. Either they were added before we set
@ -132,7 +132,7 @@ if (isSandstorm && Meteor.isServer) {
return session.activity(event); return session.activity(event);
}).then(() => done(), }).then(() => done(),
(e) => done(e)); (e) => done(e));
})(); })();
} }

12
server/migrations.js
View file

@ -167,9 +167,9 @@ Migrations.add('add-swimlanes', () => {
Cards.find({ boardId: board._id }).forEach((card) => { Cards.find({ boardId: board._id }).forEach((card) => {
if (!card.hasOwnProperty('swimlaneId')) { if (!card.hasOwnProperty('swimlaneId')) {
Cards.direct.update( Cards.direct.update(
{ _id: card._id }, { _id: card._id },
{ $set: { swimlaneId } }, { $set: { swimlaneId } },
noValidate noValidate
); );
} }
}); });
@ -180,9 +180,9 @@ Migrations.add('add-views', () => {
Boards.find().forEach((board) => { Boards.find().forEach((board) => {
if (!board.hasOwnProperty('view')) { if (!board.hasOwnProperty('view')) {
Boards.direct.update( Boards.direct.update(
{ _id: board._id }, { _id: board._id },
{ $set: { view: 'board-view-swimlanes' } }, { $set: { view: 'board-view-swimlanes' } },
noValidate noValidate
); );
} }
}); });