Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 23:40:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Prevent isCommentOnly user adding attachments, editing list names, moving lists,

Browse source 
and seeing board settings menu. Show non-editable Custom Fields to isCommentOnly user.

Thanks to xet7 !

Closes wekan/wekan-snap#97,
closes #2416,
closes #2255
This commit is contained in:
Lauri Ojansivu 2019-07-24 15:01:05 +03:00
parent 62bfe1da21
commit a68c928896
5 changed files with 42 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

26
client/components/cards/attachments.jade
View file

@ -37,17 +37,19 @@ template(name="attachmentsGalery")
i.fa.fa-download i.fa.fa-download
| {{_ 'download'}} | {{_ 'download'}}
if currentUser.isBoardMember if currentUser.isBoardMember
if isImage unless currentUser.isCommentOnly
a(class="{{#if $eq ../coverId _id}}js-remove-cover{{else}}js-add-cover{{/if}}") if isImage
i.fa.fa-thumb-tack a(class="{{#if $eq ../coverId _id}}js-remove-cover{{else}}js-add-cover{{/if}}")
if($eq ../coverId _id) i.fa.fa-thumb-tack
| {{_ 'remove-cover'}} if($eq ../coverId _id)
else | {{_ 'remove-cover'}}
| {{_ 'add-cover'}} else
a.js-confirm-delete | {{_ 'add-cover'}}
i.fa.fa-close a.js-confirm-delete
| {{_ 'delete'}} i.fa.fa-close
| {{_ 'delete'}}
if currentUser.isBoardMember if currentUser.isBoardMember
li.attachment-item.add-attachment unless currentUser.isCommentOnly
a.js-add-attachment {{_ 'add-attachment' }} li.attachment-item.add-attachment
a.js-add-attachment {{_ 'add-attachment' }}

16
client/components/cards/cardCustomFields.jade
View file

@ -31,6 +31,10 @@ template(name="cardCustomField-text")
= value = value
else else
| {{_ 'edit'}} | {{_ 'edit'}}
else
+viewer
= value
template(name="cardCustomField-number") template(name="cardCustomField-number")
if canModifyCard if canModifyCard
@ -45,6 +49,9 @@ template(name="cardCustomField-number")
= value = value
else else
| {{_ 'edit'}} | {{_ 'edit'}}
else
if value
= value
template(name="cardCustomField-date") template(name="cardCustomField-date")
if canModifyCard if canModifyCard
@ -55,6 +62,11 @@ template(name="cardCustomField-date")
| {{showDate}} | {{showDate}}
else else
| {{_ 'edit'}} | {{_ 'edit'}}
else
if value
div.card-date
time(datetime="{{showISODate}}")
| {{showDate}}
template(name="cardCustomField-dropdown") template(name="cardCustomField-dropdown")
if canModifyCard if canModifyCard
@ -79,3 +91,7 @@ template(name="cardCustomField-dropdown")
= selectedItem = selectedItem
else else
| {{_ 'edit'}} | {{_ 'edit'}}
else
if value
+viewer
= selectedItem

2
client/components/lists/listHeader.jade
View file

@ -9,7 +9,7 @@ template(name="listHeader")
if currentList if currentList
a.list-header-left-icon.fa.fa-angle-left.js-unselect-list a.list-header-left-icon.fa.fa-angle-left.js-unselect-list
h2.list-header-name( h2.list-header-name(
class="{{#if currentUser.isBoardMember}}js-open-inlined-form is-editable{{/if}}") class="{{#if currentUser.isBoardMember}}{{#unless currentUser.isCommentOnly}}js-open-inlined-form is-editable{{/unless}}{{/if}}")
+viewer +viewer
= title = title
if wipLimit.enabled if wipLimit.enabled

5
client/components/sidebar/sidebar.jade
View file

@ -34,8 +34,9 @@ template(name="membersWidget")
h3 h3
i.fa.fa-user i.fa.fa-user
| {{_ 'members'}} | {{_ 'members'}}
a.board-header-btn.js-open-board-menu(title="{{_ 'boardMenuPopup-title'}}").right unless currentUser.isCommentOnly
i.board-header-btn-icon.fa.fa-cog a.board-header-btn.js-open-board-menu(title="{{_ 'boardMenuPopup-title'}}").right
i.board-header-btn-icon.fa.fa-cog
.board-widget-content .board-widget-content
each currentBoard.activeMembers each currentBoard.activeMembers

12
client/components/swimlanes/swimlanes.jade
View file

@ -9,14 +9,16 @@ template(name="swimlane")
each lists each lists
+miniList(this) +miniList(this)
if currentUser.isBoardMember if currentUser.isBoardMember
+addListForm unless currentUser.isCommentOnly
+addListForm
else else
each lists each lists
+list(this) +list(this)
if currentCardIsInThisList _id ../_id if currentCardIsInThisList _id ../_id
+cardDetails(currentCard) +cardDetails(currentCard)
if currentUser.isBoardMember if currentUser.isBoardMember
+addListForm unless currentUser.isCommentOnly
+addListForm
template(name="listsGroup") template(name="listsGroup")
.swimlane.list-group.js-lists .swimlane.list-group.js-lists
@ -27,14 +29,16 @@ template(name="listsGroup")
each lists each lists
+miniList(this) +miniList(this)
if currentUser.isBoardMember if currentUser.isBoardMember
+addListForm unless currentUser.isCommentOnly
+addListForm
else else
each lists each lists
+list(this) +list(this)
if currentCardIsInThisList _id null if currentCardIsInThisList _id null
+cardDetails(currentCard) +cardDetails(currentCard)
if currentUser.isBoardMember if currentUser.isBoardMember
+addListForm unless currentUser.isCommentOnly
+addListForm
template(name="addListForm") template(name="addListForm")
.list.list-composer.js-list-composer .list.list-composer.js-list-composer