Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-03 16:18:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed REST API, it shoud work now by Admin user.

Browse source 
Reverted Allow board members to use more of API of Wekan v5.35
a719e8fda1

Thanks to tomhughes.

Fixes #4009,
fixes #2793,
fixes #2790
This commit is contained in:
Lauri Ojansivu 2021-09-25 18:09:18 +03:00
parent 5b5094ced6
commit e3a0dea85f
8 changed files with 38 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

7
models/checklistItems.js
View file

@ -265,8 +265,8 @@ if (Meteor.isServer) {
'GET',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
const checklistItem = ChecklistItems.findOne({ _id: paramItemId });
if (checklistItem) {
@ -299,9 +299,8 @@ if (Meteor.isServer) {
'PUT',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
function isTrue(data) {
@ -351,8 +350,8 @@ if (Meteor.isServer) {
'DELETE',
'/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
function(req, res) {
Authentication.checkUserId(req.userId);
const paramBoardId = req.params.boardId;
Authentication.checkBoardAccess(req.userId, paramBoardId);
const paramItemId = req.params.itemId;
ChecklistItems.direct.remove({ _id: paramItemId });
JsonRoutes.sendResult(res, {