apitech
/
wekan
mirror of https://github.com/wekan/wekan
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The Open Source kanban (built with Meteor). Keep variable/table/field names camelCase. For translations, only add Pull Request changes to wekan/i18n/en.i18n.json , other translations are done at https://transifex.com/wekan/wekan only.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1883 Commits
1 Branch
818 Tags
111 MiB
Tag: Branch: Tree: c12e003fd3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c12e003fd3'
${ noResults }
wekan/server/authentication.js

59 lines
1.8 KiB
Raw Normal View History Unescape

add token authentication, only admin can use api
8 years ago
Meteor.startup(() => {
Add the ability for the admin : - disabling a login for a user (not himself) - enabling a login for a user - transfering the ownership of all user's boards to himself
8 years ago
Accounts.validateLoginAttempt(function (options) {
Fix: Error after sending invitation and joining board: Exception while invoking method 'login' TypeError: Cannot read property 'loginDisabled' of undefined. Thanks to nztqa ! Closes #1331
8 years ago
const user = options.user || {};
return !user.loginDisabled;
Add the ability for the admin : - disabling a login for a user (not himself) - enabling a login for a user - transfering the ownership of all user's boards to himself
8 years ago
});
add token authentication, only admin can use api
8 years ago
Authentication = {};
Authentication.checkUserId = function (userId) {
if (userId === undefined) {
const error = new Meteor.Error('Unauthorized', 'Unauthorized');
error.statusCode = 401;
throw error;
}
const admin = Users.findOne({ _id: userId, isAdmin: true });
if (admin === undefined) {
const error = new Meteor.Error('Forbidden', 'Forbidden');
error.statusCode = 403;
throw error;
}
};
Added a non restrictive authentication function
8 years ago
// This will only check if the user is logged in.
// The authorization checks for the user will have to be done inside each API endpoint
Authentication.checkLoggedIn = function(userId) {
if(userId === undefined) {
const error = new Meteor.Error('Unauthorized', 'Unauthorized');
error.statusCode = 401;
throw error;
}
};
Added a simple authorization function
8 years ago
// An admin should be authorized to access everything, so we use a separate check for admins
// This throws an error if otherReq is false and the user is not an admin
Authentication.checkAdminOrCondition = function(userId, otherReq) {
if(otherReq) return;
const admin = Users.findOne({ _id: userId, isAdmin: true });
if (admin === undefined) {
const error = new Meteor.Error('Forbidden', 'Forbidden');
error.statusCode = 403;
throw error;
}
Fixed eslint errors
8 years ago
};
Added a simple authorization function
8 years ago
Extracted board access check function
8 years ago
// Helper function. Will throw an error if the user does not have read only access to the given board
Authentication.checkBoardAccess = function(userId, boardId) {
Authentication.checkLoggedIn(userId);
const board = Boards.findOne({ _id: boardId });
Fixed eslint errors
8 years ago
const normalAccess = board.permission === 'public' || board.members.some((e) => e.userId === userId);
Extracted board access check function
8 years ago
Authentication.checkAdminOrCondition(userId, normalAccess);
Fixed eslint errors
8 years ago
};
Extracted board access check function
8 years ago
add token authentication, only admin can use api
8 years ago
});