Extracted board access check function

models/boards.js

@@ -588,11 +588,8 @@ if (Meteor.isServer) {
   });
 
   JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
-    Authentication.checkLoggedIn( req.userId);
     const id = req.params.id;
-    const board = Boards.findOne({ _id: id });
-    const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
-    Authentication.checkAdminOrCondition(req.userId, normalAccess);
+    Authentication.checkBoardAccess( req.userId, id);
 
     JsonRoutes.sendResult(res, {
       code: 200,

server/authentication.js

@@ -39,5 +39,14 @@ Meteor.startup(() => {
     }
   }
 
+  // Helper function. Will throw an error if the user does not have read only access to the given board
+  Authentication.checkBoardAccess = function(userId, boardId) {
+    Authentication.checkLoggedIn(userId);
+
+    const board = Boards.findOne({ _id: boardId });
+    const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId);
+    Authentication.checkAdminOrCondition(userId, normalAccess);
+  }
+
 });