apitech
/
wekan
mirror of https://github.com/wekan/wekan
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Changed GET /api/boards/:id to allow access by the normally also allowed users.

Browse Source
reviewable/pr1041/r2
mayjs 8 years ago
parent ef6f2e8d62
commit 95e2025ff9
1 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      models/boards.js

7
models/boards.js
Unescape View File

@ -557,7 +557,6 @@ if (Meteor.isServer) {
//BOARDS REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) {
// TODO: This should be changed to be less restrictive!
Authentication.checkLoggedIn(req.userId);
const data = Boards.find({
@ -589,8 +588,12 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
Authentication.checkUserId( req.userId);
Authentication.checkLoggedIn( req.userId);
const id = req.params.id;
const board = Boards.findOne({ _id: id });
const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
Authentication.checkAdminOrCondition(req.userId, normalAccess);
JsonRoutes.sendResult(res, {
code: 200,
data: Boards.findOne({ _id: id }),

Write Preview
Loading…
Cancel
Save