apitech
/
wekan
mirror of https://github.com/wekan/wekan
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'fix-files-access' of https://github.com/GhassenRjab/wekan into GhassenRjab-fix-files-access

Browse Source
pull/1156/head
Lauri Ojansivu 8 years ago
parent bda15daa78 f521b7949a
commit a9d4538d53
1 changed files with 6 additions and 12 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 18
      models/attachments.js

18
models/attachments.js
Unescape View File

@ -21,19 +21,13 @@ if (Meteor.isServer) {
// We authorize the attachment download either: // We authorize the attachment download either:
// - if the board is public, everyone (even unconnected) can download it // - if the board is public, everyone (even unconnected) can download it
// - if the board is private, only board members can download it // - if the board is private, only board members can download it
//
// XXX We have a bug with the `userId` verification:
//
// https://github.com/CollectionFS/Meteor-CollectionFS/issues/449
//
download(userId, doc) { download(userId, doc) {
const query = { const board = Boards.findOne(doc.boardId);
$or: [ if (board.isPublic()) {
{ 'members.userId': userId }, return true;
{ permission: 'public' }, } else {
], return board.hasMember(userId);
}; }
return Boolean(Boards.findOne(doc.boardId, query));
}, },
fetch: ['boardId'], fetch: ['boardId'],

Write Preview
Loading…
Cancel
Save