Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-09-22 01:50:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fixed REST API, it shoud work now by Admin user.

Browse source 
Reverted Allow board members to use more of API of Wekan v5.35
a719e8fda1

Thanks to tomhughes.

Fixes #4009,
fixes #2793,
fixes #2790
This commit is contained in:
Lauri Ojansivu 2021-09-25 18:09:18 +03:00
parent 5b5094ced6
commit e3a0dea85f
8 changed files with 38 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

12
models/boards.js
View file

@ -1831,8 +1831,7 @@ if (Meteor.isServer) {
*/
JsonRoutes.add('GET', '/api/boards', function(req, res) {
try {
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
Authentication.checkUserId(req.userId);
JsonRoutes.sendResult(res, {
code: 200,
data: Boards.find(
@ -1888,8 +1887,8 @@ if (Meteor.isServer) {
*/
JsonRoutes.add('GET', '/api/boards/:boardId', function(req, res) {
try {
Authentication.checkUserId(req.userId);
const id = req.params.boardId;
Authentication.checkBoardAccess(req.userId, id);
JsonRoutes.sendResult(res, {
code: 200,
@ -2006,8 +2005,7 @@ if (Meteor.isServer) {
* @return_type string
*/
JsonRoutes.add('PUT', '/api/boards/:boardId/labels', function(req, res) {
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
Authentication.checkUserId(req.userId);
const id = req.params.boardId;
try {
if (req.body.hasOwnProperty('label')) {
@ -2054,10 +2052,10 @@ if (Meteor.isServer) {
res,
) {
try {
Authentication.checkUserId(req.userId);
const boardId = req.params.boardId;
const memberId = req.params.memberId;
const { isAdmin, isNoComments, isCommentOnly, isWorker } = req.body;
Authentication.checkBoardAccess(req.userId, boardId);
const board = Boards.findOne({ _id: boardId });
function isTrue(data) {
try {
@ -2101,8 +2099,8 @@ if (Meteor.isServer) {
* swimlaneId: string}]
*/
JsonRoutes.add('GET', '/api/boards/:boardId/attachments', function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Attachments.files