Implemented the change of /api/user/boards as proposed by huneau

8 years ago · 058aabff68
parent 4ff906bd7b
commit 058aabff68
1 changed files with 5 additions and 1 deletions
--- a/models/boards.js
+++ b/models/boards.js
@ -556,8 +556,12 @@ if (Meteor.isServer) {

 //BOARDS REST API
 if (Meteor.isServer) {
-  JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) {
+  JsonRoutes.add('GET', '/api/user/:userId/boards', function (req, res, next) {
    Authentication.checkLoggedIn(req.userId);
+    const paramUserId = req.params.userId;
+    // A normal user should be able to see their own boards,
+    // admins can access boards of any user
+    Authentication.checkAdminOrCondition(req.userId, req.userId === paramUserId);

    const data = Boards.find({
      archived: false,