Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-20 17:30:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Allow board members to use more of API. Please add issue (or pull request) if this allows too much.

Browse source 
Thanks to JayVii and xet7 !

Fixes #3862
This commit is contained in:
Lauri Ojansivu 2021-06-14 15:01:37 +03:00
parent 50fa8a0743
commit a719e8fda1
8 changed files with 40 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
models/cardComments.js
View file

@ -192,8 +192,8 @@ if (Meteor.isServer) {
res,
) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramCardId = req.params.cardId;
JsonRoutes.sendResult(res, {
code: 200,
@ -230,8 +230,8 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments/:commentId',
function(req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramCommentId = req.params.commentId;
const paramCardId = req.params.cardId;
JsonRoutes.sendResult(res, {
@ -266,8 +266,8 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments',
function(req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramCardId = req.params.cardId;
const id = CardComments.direct.insert({
userId: req.body.authorId,
@ -312,8 +312,8 @@ if (Meteor.isServer) {
'/api/boards/:boardId/cards/:cardId/comments/:commentId',
function(req, res) {
try {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramCommentId = req.params.commentId;
const paramCardId = req.params.cardId;
CardComments.remove({