Halaman utama Jelajahi Bantuan
Masuk
mirrors
/
wekan
cermin dari https://github.com/wekan/wekan.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

Extracted board access check function

mayjs 8 tahun lalu
induk
95e2025ff9
melakukan
1e8d9f02f3
2 mengubah file dengan 10 tambahan dan 4 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 1 4
      models/boards.js
  2. 9 0
      server/authentication.js

+ 1 - 4
models/boards.js
Tampilan Berkas 

@@ -588,11 +588,8 @@ if (Meteor.isServer) {
 
   });
 
 
   JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
 
-    Authentication.checkLoggedIn( req.userId);
 
     const id = req.params.id;
 
-    const board = Boards.findOne({ _id: id });
 
-    const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
 
-    Authentication.checkAdminOrCondition(req.userId, normalAccess);
 
+    Authentication.checkBoardAccess( req.userId, id);
 
 
     JsonRoutes.sendResult(res, {
 
       code: 200,

+ 9 - 0
server/authentication.js
Tampilan Berkas 

@@ -39,5 +39,14 @@ Meteor.startup(() => {
 
     }
 
   }
 
 
+  // Helper function. Will throw an error if the user does not have read only access to the given board
 
+  Authentication.checkBoardAccess = function(userId, boardId) {
 
+    Authentication.checkLoggedIn(userId);
 
+
 
+    const board = Boards.findOne({ _id: boardId });
 
+    const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId);
 
+    Authentication.checkAdminOrCondition(userId, normalAccess);
 
+  }
 
+
 
 });