Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-07 01:58:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fixed REST API, it shoud work now by Admin user.

Browse source 
Reverted Allow board members to use more of API of Wekan v5.35
a719e8fda1

Thanks to tomhughes.

Fixes #4009,
fixes #2793,
fixes #2790
This commit is contained in:
Lauri Ojansivu 2021-09-25 18:09:18 +03:00
parent 5b5094ced6
commit e3a0dea85f
8 changed files with 38 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

13
models/cards.js
View file

@ -3110,9 +3110,9 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/swimlanes/:swimlaneId/cards',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramSwimlaneId = req.params.swimlaneId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.find({
@ -3152,9 +3152,9 @@ if (Meteor.isServer) {
req,
res,
) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramListId = req.params.listId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.find({
@ -3189,10 +3189,10 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/lists/:listId/cards/:cardId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramListId = req.params.listId;
const paramCardId = req.params.cardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.findOne({
@ -3339,8 +3339,8 @@ if (Meteor.isServer) {
'PUT',
'/api/boards/:boardId/lists/:listId/cards/:cardId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramCardId = req.params.cardId;
const paramListId = req.params.listId;
@ -3697,8 +3697,8 @@ if (Meteor.isServer) {
'DELETE',
'/api/boards/:boardId/lists/:listId/cards/:cardId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramListId = req.params.listId;
const paramCardId = req.params.cardId;
@ -3737,11 +3737,10 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/cardsByCustomField/:customFieldId/:customFieldValue',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
const paramCustomFieldId = req.params.customFieldId;
const paramCustomFieldValue = req.params.customFieldValue;
Authentication.checkBoardAccess(req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.find({