Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-09-22 01:50:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Allow board members to use more of API. Please add issue (or pull request) if this allows too much.

Browse source 
Thanks to JayVii and xet7 !

Fixes #3862
This commit is contained in:
Lauri Ojansivu 2021-06-14 15:01:37 +03:00
parent 50fa8a0743
commit a719e8fda1
8 changed files with 40 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

9
models/checklistItems.js
View file

@ -265,7 +265,8 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
const checklistItem = ChecklistItems.findOne({ _id: paramItemId });
if (checklistItem) {
@ -298,7 +299,8 @@ if (Meteor.isServer) {
'PUT',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
@ -349,7 +351,8 @@ if (Meteor.isServer) {
'DELETE',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
ChecklistItems.direct.remove({ _id: paramItemId });
JsonRoutes.sendResult(res, {