|
|
@@ -1,4 +1,5 @@
|
|
|
import { SyncedCron } from 'meteor/percolate:synced-cron';
|
|
|
+import ImpersonatedUsers from './impersonatedUsers';
|
|
|
|
|
|
// Sandstorm context is detected using the METEOR_SETTINGS environment variable
|
|
|
// in the package definition.
|
|
|
@@ -67,7 +68,9 @@ Users.attachSchema(
|
|
|
if (this.isInsert) {
|
|
|
return new Date();
|
|
|
} else if (this.isUpsert) {
|
|
|
- return { $setOnInsert: new Date() };
|
|
|
+ return {
|
|
|
+ $setOnInsert: new Date(),
|
|
|
+ };
|
|
|
} else {
|
|
|
this.unset();
|
|
|
}
|
|
|
@@ -350,7 +353,9 @@ Users.attachSchema(
|
|
|
|
|
|
Users.allow({
|
|
|
update(userId, doc) {
|
|
|
- const user = Users.findOne({ _id: userId });
|
|
|
+ const user = Users.findOne({
|
|
|
+ _id: userId,
|
|
|
+ });
|
|
|
if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin))
|
|
|
return true;
|
|
|
if (!user) {
|
|
|
@@ -359,10 +364,18 @@ Users.allow({
|
|
|
return doc._id === userId;
|
|
|
},
|
|
|
remove(userId, doc) {
|
|
|
- const adminsNumber = Users.find({ isAdmin: true }).count();
|
|
|
+ const adminsNumber = Users.find({
|
|
|
+ isAdmin: true,
|
|
|
+ }).count();
|
|
|
const { isAdmin } = Users.findOne(
|
|
|
- { _id: userId },
|
|
|
- { fields: { isAdmin: 1 } },
|
|
|
+ {
|
|
|
+ _id: userId,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ fields: {
|
|
|
+ isAdmin: 1,
|
|
|
+ },
|
|
|
+ },
|
|
|
);
|
|
|
|
|
|
// Prevents remove of the only one administrator
|
|
|
@@ -440,7 +453,7 @@ if (Meteor.isClient) {
|
|
|
});
|
|
|
}
|
|
|
|
|
|
-Users.parseImportUsernames = usernamesString => {
|
|
|
+Users.parseImportUsernames = (usernamesString) => {
|
|
|
return usernamesString.trim().split(new RegExp('\\s*[,;]\\s*'));
|
|
|
};
|
|
|
|
|
|
@@ -454,17 +467,30 @@ Users.helpers({
|
|
|
|
|
|
boards() {
|
|
|
return Boards.find(
|
|
|
- { 'members.userId': this._id },
|
|
|
- { sort: { sort: 1 /* boards default sorting */ } },
|
|
|
+ {
|
|
|
+ 'members.userId': this._id,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ sort: {
|
|
|
+ sort: 1 /* boards default sorting */,
|
|
|
+ },
|
|
|
+ },
|
|
|
);
|
|
|
},
|
|
|
|
|
|
starredBoards() {
|
|
|
const { starredBoards = [] } = this.profile || {};
|
|
|
return Boards.find(
|
|
|
- { archived: false, _id: { $in: starredBoards } },
|
|
|
{
|
|
|
- sort: { sort: 1 /* boards default sorting */ },
|
|
|
+ archived: false,
|
|
|
+ _id: {
|
|
|
+ $in: starredBoards,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ {
|
|
|
+ sort: {
|
|
|
+ sort: 1 /* boards default sorting */,
|
|
|
+ },
|
|
|
},
|
|
|
);
|
|
|
},
|
|
|
@@ -477,9 +503,16 @@ Users.helpers({
|
|
|
invitedBoards() {
|
|
|
const { invitedBoards = [] } = this.profile || {};
|
|
|
return Boards.find(
|
|
|
- { archived: false, _id: { $in: invitedBoards } },
|
|
|
{
|
|
|
- sort: { sort: 1 /* boards default sorting */ },
|
|
|
+ archived: false,
|
|
|
+ _id: {
|
|
|
+ $in: invitedBoards,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ {
|
|
|
+ sort: {
|
|
|
+ sort: 1 /* boards default sorting */,
|
|
|
+ },
|
|
|
},
|
|
|
);
|
|
|
},
|
|
|
@@ -611,7 +644,9 @@ Users.helpers({
|
|
|
},
|
|
|
|
|
|
remove() {
|
|
|
- User.remove({ _id: this._id });
|
|
|
+ User.remove({
|
|
|
+ _id: this._id,
|
|
|
+ });
|
|
|
},
|
|
|
});
|
|
|
|
|
|
@@ -714,7 +749,9 @@ Users.mutations({
|
|
|
addNotification(activityId) {
|
|
|
return {
|
|
|
$addToSet: {
|
|
|
- 'profile.notifications': { activity: activityId },
|
|
|
+ 'profile.notifications': {
|
|
|
+ activity: activityId,
|
|
|
+ },
|
|
|
},
|
|
|
};
|
|
|
},
|
|
|
@@ -722,7 +759,9 @@ Users.mutations({
|
|
|
removeNotification(activityId) {
|
|
|
return {
|
|
|
$pull: {
|
|
|
- 'profile.notifications': { activity: activityId },
|
|
|
+ 'profile.notifications': {
|
|
|
+ activity: activityId,
|
|
|
+ },
|
|
|
},
|
|
|
};
|
|
|
},
|
|
|
@@ -744,15 +783,27 @@ Users.mutations({
|
|
|
},
|
|
|
|
|
|
setAvatarUrl(avatarUrl) {
|
|
|
- return { $set: { 'profile.avatarUrl': avatarUrl } };
|
|
|
+ return {
|
|
|
+ $set: {
|
|
|
+ 'profile.avatarUrl': avatarUrl,
|
|
|
+ },
|
|
|
+ };
|
|
|
},
|
|
|
|
|
|
setShowCardsCountAt(limit) {
|
|
|
- return { $set: { 'profile.showCardsCountAt': limit } };
|
|
|
+ return {
|
|
|
+ $set: {
|
|
|
+ 'profile.showCardsCountAt': limit,
|
|
|
+ },
|
|
|
+ };
|
|
|
},
|
|
|
|
|
|
setStartDayOfWeek(startDay) {
|
|
|
- return { $set: { 'profile.startDayOfWeek': startDay } };
|
|
|
+ return {
|
|
|
+ $set: {
|
|
|
+ 'profile.startDayOfWeek': startDay,
|
|
|
+ },
|
|
|
+ };
|
|
|
},
|
|
|
|
|
|
setBoardView(view) {
|
|
|
@@ -801,15 +852,33 @@ if (Meteor.isServer) {
|
|
|
if (Meteor.user() && Meteor.user().isAdmin) {
|
|
|
// If setting is missing, add it
|
|
|
Users.update(
|
|
|
- { 'profile.hiddenSystemMessages': { $exists: false } },
|
|
|
- { $set: { 'profile.hiddenSystemMessages': true } },
|
|
|
- { multi: true },
|
|
|
+ {
|
|
|
+ 'profile.hiddenSystemMessages': {
|
|
|
+ $exists: false,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ {
|
|
|
+ $set: {
|
|
|
+ 'profile.hiddenSystemMessages': true,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ {
|
|
|
+ multi: true,
|
|
|
+ },
|
|
|
);
|
|
|
// If setting is false, set it to true
|
|
|
Users.update(
|
|
|
- { 'profile.hiddenSystemMessages': false },
|
|
|
- { $set: { 'profile.hiddenSystemMessages': true } },
|
|
|
- { multi: true },
|
|
|
+ {
|
|
|
+ 'profile.hiddenSystemMessages': false,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ $set: {
|
|
|
+ 'profile.hiddenSystemMessages': true,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ {
|
|
|
+ multi: true,
|
|
|
+ },
|
|
|
);
|
|
|
return true;
|
|
|
} else {
|
|
|
@@ -836,8 +905,12 @@ if (Meteor.isServer) {
|
|
|
check(email, String);
|
|
|
check(importUsernames, Array);
|
|
|
|
|
|
- const nUsersWithUsername = Users.find({ username }).count();
|
|
|
- const nUsersWithEmail = Users.find({ email }).count();
|
|
|
+ const nUsersWithUsername = Users.find({
|
|
|
+ username,
|
|
|
+ }).count();
|
|
|
+ const nUsersWithEmail = Users.find({
|
|
|
+ email,
|
|
|
+ }).count();
|
|
|
if (nUsersWithUsername > 0) {
|
|
|
throw new Meteor.Error('username-already-taken');
|
|
|
} else if (nUsersWithEmail > 0) {
|
|
|
@@ -851,7 +924,11 @@ if (Meteor.isServer) {
|
|
|
email: email.toLowerCase(),
|
|
|
from: 'admin',
|
|
|
});
|
|
|
- const user = Users.findOne(username) || Users.findOne({ username });
|
|
|
+ const user =
|
|
|
+ Users.findOne(username) ||
|
|
|
+ Users.findOne({
|
|
|
+ username,
|
|
|
+ });
|
|
|
if (user) {
|
|
|
Users.update(user._id, {
|
|
|
$set: {
|
|
|
@@ -868,11 +945,17 @@ if (Meteor.isServer) {
|
|
|
if (Meteor.user() && Meteor.user().isAdmin) {
|
|
|
check(username, String);
|
|
|
check(userId, String);
|
|
|
- const nUsersWithUsername = Users.find({ username }).count();
|
|
|
+ const nUsersWithUsername = Users.find({
|
|
|
+ username,
|
|
|
+ }).count();
|
|
|
if (nUsersWithUsername > 0) {
|
|
|
throw new Meteor.Error('username-already-taken');
|
|
|
} else {
|
|
|
- Users.update(userId, { $set: { username } });
|
|
|
+ Users.update(userId, {
|
|
|
+ $set: {
|
|
|
+ username,
|
|
|
+ },
|
|
|
+ });
|
|
|
}
|
|
|
}
|
|
|
},
|
|
|
@@ -883,8 +966,14 @@ if (Meteor.isServer) {
|
|
|
}
|
|
|
check(email, String);
|
|
|
const existingUser = Users.findOne(
|
|
|
- { 'emails.address': email },
|
|
|
- { fields: { _id: 1 } },
|
|
|
+ {
|
|
|
+ 'emails.address': email,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ fields: {
|
|
|
+ _id: 1,
|
|
|
+ },
|
|
|
+ },
|
|
|
);
|
|
|
if (existingUser) {
|
|
|
throw new Meteor.Error('email-already-taken');
|
|
|
@@ -963,7 +1052,9 @@ if (Meteor.isServer) {
|
|
|
board &&
|
|
|
board.members &&
|
|
|
_.contains(_.pluck(board.members, 'userId'), inviter._id) &&
|
|
|
- _.where(board.members, { userId: inviter._id })[0].isActive;
|
|
|
+ _.where(board.members, {
|
|
|
+ userId: inviter._id,
|
|
|
+ })[0].isActive;
|
|
|
// GitHub issue 2060
|
|
|
//_.where(board.members, { userId: inviter._id })[0].isAdmin;
|
|
|
if (!allowInvite) throw new Meteor.Error('error-board-notAMember');
|
|
|
@@ -973,22 +1064,39 @@ if (Meteor.isServer) {
|
|
|
const posAt = username.indexOf('@');
|
|
|
let user = null;
|
|
|
if (posAt >= 0) {
|
|
|
- user = Users.findOne({ emails: { $elemMatch: { address: username } } });
|
|
|
+ user = Users.findOne({
|
|
|
+ emails: {
|
|
|
+ $elemMatch: {
|
|
|
+ address: username,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ });
|
|
|
} else {
|
|
|
- user = Users.findOne(username) || Users.findOne({ username });
|
|
|
+ user =
|
|
|
+ Users.findOne(username) ||
|
|
|
+ Users.findOne({
|
|
|
+ username,
|
|
|
+ });
|
|
|
}
|
|
|
if (user) {
|
|
|
if (user._id === inviter._id)
|
|
|
throw new Meteor.Error('error-user-notAllowSelf');
|
|
|
} else {
|
|
|
if (posAt <= 0) throw new Meteor.Error('error-user-doesNotExist');
|
|
|
- if (Settings.findOne({ disableRegistration: true })) {
|
|
|
+ if (
|
|
|
+ Settings.findOne({
|
|
|
+ disableRegistration: true,
|
|
|
+ })
|
|
|
+ ) {
|
|
|
throw new Meteor.Error('error-user-notCreated');
|
|
|
}
|
|
|
// Set in lowercase email before creating account
|
|
|
const email = username.toLowerCase();
|
|
|
username = email.substring(0, posAt);
|
|
|
- const newUserId = Accounts.createUser({ username, email });
|
|
|
+ const newUserId = Accounts.createUser({
|
|
|
+ username,
|
|
|
+ email,
|
|
|
+ });
|
|
|
if (!newUserId) throw new Meteor.Error('error-user-notCreated');
|
|
|
// assume new user speak same language with inviter
|
|
|
if (inviter.profile && inviter.profile.language) {
|
|
|
@@ -1032,7 +1140,10 @@ if (Meteor.isServer) {
|
|
|
} catch (e) {
|
|
|
throw new Meteor.Error('email-fail', e.message);
|
|
|
}
|
|
|
- return { username: user.username, email: user.emails[0].address };
|
|
|
+ return {
|
|
|
+ username: user.username,
|
|
|
+ email: user.emails[0].address,
|
|
|
+ };
|
|
|
},
|
|
|
impersonate(userId) {
|
|
|
check(userId, String);
|
|
|
@@ -1042,8 +1153,16 @@ if (Meteor.isServer) {
|
|
|
if (!Meteor.user().isAdmin)
|
|
|
throw new Meteor.Error(403, 'Permission denied');
|
|
|
|
|
|
+ ImpersonatedUsers.insert({ adminId: Meteor.user()._id, userId: userId, reason: 'clickedImpersonate' });
|
|
|
this.setUserId(userId);
|
|
|
},
|
|
|
+ isImpersonated(userId) {
|
|
|
+ check(userId, String);
|
|
|
+ const isImpersonated = ImpersonatedUsers.findOne({
|
|
|
+ userId: userId,
|
|
|
+ });
|
|
|
+ return isImpersonated;
|
|
|
+ },
|
|
|
});
|
|
|
Accounts.onCreateUser((options, user) => {
|
|
|
const userCount = Users.find().count();
|
|
|
@@ -1059,7 +1178,12 @@ if (Meteor.isServer) {
|
|
|
}
|
|
|
email = email.toLowerCase();
|
|
|
user.username = user.services.oidc.username;
|
|
|
- user.emails = [{ address: email, verified: true }];
|
|
|
+ user.emails = [
|
|
|
+ {
|
|
|
+ address: email,
|
|
|
+ verified: true,
|
|
|
+ },
|
|
|
+ ];
|
|
|
const initials = user.services.oidc.fullname
|
|
|
.split(/\s+/)
|
|
|
.reduce((memo, word) => {
|
|
|
@@ -1075,7 +1199,14 @@ if (Meteor.isServer) {
|
|
|
|
|
|
// see if any existing user has this email address or username, otherwise create new
|
|
|
const existingUser = Meteor.users.findOne({
|
|
|
- $or: [{ 'emails.address': email }, { username: user.username }],
|
|
|
+ $or: [
|
|
|
+ {
|
|
|
+ 'emails.address': email,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ username: user.username,
|
|
|
+ },
|
|
|
+ ],
|
|
|
});
|
|
|
if (!existingUser) return user;
|
|
|
|
|
|
@@ -1087,8 +1218,12 @@ if (Meteor.isServer) {
|
|
|
existingUser.profile = user.profile;
|
|
|
existingUser.authenticationMethod = user.authenticationMethod;
|
|
|
|
|
|
- Meteor.users.remove({ _id: user._id });
|
|
|
- Meteor.users.remove({ _id: existingUser._id }); // is going to be created again
|
|
|
+ Meteor.users.remove({
|
|
|
+ _id: user._id,
|
|
|
+ });
|
|
|
+ Meteor.users.remove({
|
|
|
+ _id: existingUser._id,
|
|
|
+ }); // is going to be created again
|
|
|
return existingUser;
|
|
|
}
|
|
|
|
|
|
@@ -1127,13 +1262,17 @@ if (Meteor.isServer) {
|
|
|
"The invitation code doesn't exist",
|
|
|
);
|
|
|
} else {
|
|
|
- user.profile = { icode: options.profile.invitationcode };
|
|
|
+ user.profile = {
|
|
|
+ icode: options.profile.invitationcode,
|
|
|
+ };
|
|
|
user.profile.boardView = 'board-view-swimlanes';
|
|
|
|
|
|
// Deletes the invitation code after the user was created successfully.
|
|
|
setTimeout(
|
|
|
Meteor.bindEnvironment(() => {
|
|
|
- InvitationCodes.remove({ _id: invitationCode._id });
|
|
|
+ InvitationCodes.remove({
|
|
|
+ _id: invitationCode._id,
|
|
|
+ });
|
|
|
}),
|
|
|
200,
|
|
|
);
|
|
|
@@ -1153,7 +1292,7 @@ const addCronJob = _.debounce(
|
|
|
|
|
|
SyncedCron.add({
|
|
|
name: 'notification_cleanup',
|
|
|
- schedule: parser => parser.text('every 1 days'),
|
|
|
+ schedule: (parser) => parser.text('every 1 days'),
|
|
|
job: () => {
|
|
|
for (const user of Users.find()) {
|
|
|
if (!user.profile || !user.profile.notifications) continue;
|
|
|
@@ -1178,15 +1317,19 @@ const addCronJob = _.debounce(
|
|
|
if (Meteor.isServer) {
|
|
|
// Let mongoDB ensure username unicity
|
|
|
Meteor.startup(() => {
|
|
|
- allowedSortValues.forEach(value => {
|
|
|
+ allowedSortValues.forEach((value) => {
|
|
|
Lists._collection._ensureIndex(value);
|
|
|
});
|
|
|
- Users._collection._ensureIndex({ modifiedAt: -1 });
|
|
|
+ Users._collection._ensureIndex({
|
|
|
+ modifiedAt: -1,
|
|
|
+ });
|
|
|
Users._collection._ensureIndex(
|
|
|
{
|
|
|
username: 1,
|
|
|
},
|
|
|
- { unique: true },
|
|
|
+ {
|
|
|
+ unique: true,
|
|
|
+ },
|
|
|
);
|
|
|
Meteor.defer(() => {
|
|
|
addCronJob();
|
|
|
@@ -1215,7 +1358,7 @@ if (Meteor.isServer) {
|
|
|
// counter.
|
|
|
// We need to run this code on the server only, otherwise the incrementation
|
|
|
// will be done twice.
|
|
|
- Users.after.update(function(userId, user, fieldNames) {
|
|
|
+ Users.after.update(function (userId, user, fieldNames) {
|
|
|
// The `starredBoards` list is hosted on the `profile` field. If this
|
|
|
// field hasn't been modificated we don't need to run this hook.
|
|
|
if (!_.contains(fieldNames, 'profile')) return;
|
|
|
@@ -1233,8 +1376,12 @@ if (Meteor.isServer) {
|
|
|
// b. We use it to find deleted and newly inserted ids by using it in one
|
|
|
// direction and then in the other.
|
|
|
function incrementBoards(boardsIds, inc) {
|
|
|
- boardsIds.forEach(boardId => {
|
|
|
- Boards.update(boardId, { $inc: { stars: inc } });
|
|
|
+ boardsIds.forEach((boardId) => {
|
|
|
+ Boards.update(boardId, {
|
|
|
+ $inc: {
|
|
|
+ stars: inc,
|
|
|
+ },
|
|
|
+ });
|
|
|
});
|
|
|
}
|
|
|
|
|
|
@@ -1258,23 +1405,23 @@ if (Meteor.isServer) {
|
|
|
|
|
|
fakeUserId.withValue(doc._id, () => {
|
|
|
/*
|
|
|
- // Insert the Welcome Board
|
|
|
- Boards.insert({
|
|
|
- title: TAPi18n.__('welcome-board'),
|
|
|
- permission: 'private',
|
|
|
- }, fakeUser, (err, boardId) => {
|
|
|
-
|
|
|
- Swimlanes.insert({
|
|
|
- title: TAPi18n.__('welcome-swimlane'),
|
|
|
- boardId,
|
|
|
- sort: 1,
|
|
|
- }, fakeUser);
|
|
|
-
|
|
|
- ['welcome-list1', 'welcome-list2'].forEach((title, titleIndex) => {
|
|
|
- Lists.insert({title: TAPi18n.__(title), boardId, sort: titleIndex}, fakeUser);
|
|
|
- });
|
|
|
- });
|
|
|
- */
|
|
|
+ // Insert the Welcome Board
|
|
|
+ Boards.insert({
|
|
|
+ title: TAPi18n.__('welcome-board'),
|
|
|
+ permission: 'private',
|
|
|
+ }, fakeUser, (err, boardId) => {
|
|
|
+
|
|
|
+ Swimlanes.insert({
|
|
|
+ title: TAPi18n.__('welcome-swimlane'),
|
|
|
+ boardId,
|
|
|
+ sort: 1,
|
|
|
+ }, fakeUser);
|
|
|
+
|
|
|
+ ['welcome-list1', 'welcome-list2'].forEach((title, titleIndex) => {
|
|
|
+ Lists.insert({title: TAPi18n.__(title), boardId, sort: titleIndex}, fakeUser);
|
|
|
+ });
|
|
|
+ });
|
|
|
+ */
|
|
|
|
|
|
const Future = require('fibers/future');
|
|
|
const future1 = new Future();
|
|
|
@@ -1290,7 +1437,9 @@ if (Meteor.isServer) {
|
|
|
(err, boardId) => {
|
|
|
// Insert the reference to our templates board
|
|
|
Users.update(fakeUserId.get(), {
|
|
|
- $set: { 'profile.templatesBoardId': boardId },
|
|
|
+ $set: {
|
|
|
+ 'profile.templatesBoardId': boardId,
|
|
|
+ },
|
|
|
});
|
|
|
|
|
|
// Insert the card templates swimlane
|
|
|
@@ -1305,7 +1454,9 @@ if (Meteor.isServer) {
|
|
|
(err, swimlaneId) => {
|
|
|
// Insert the reference to out card templates swimlane
|
|
|
Users.update(fakeUserId.get(), {
|
|
|
- $set: { 'profile.cardTemplatesSwimlaneId': swimlaneId },
|
|
|
+ $set: {
|
|
|
+ 'profile.cardTemplatesSwimlaneId': swimlaneId,
|
|
|
+ },
|
|
|
});
|
|
|
future1.return();
|
|
|
},
|
|
|
@@ -1323,7 +1474,9 @@ if (Meteor.isServer) {
|
|
|
(err, swimlaneId) => {
|
|
|
// Insert the reference to out list templates swimlane
|
|
|
Users.update(fakeUserId.get(), {
|
|
|
- $set: { 'profile.listTemplatesSwimlaneId': swimlaneId },
|
|
|
+ $set: {
|
|
|
+ 'profile.listTemplatesSwimlaneId': swimlaneId,
|
|
|
+ },
|
|
|
});
|
|
|
future2.return();
|
|
|
},
|
|
|
@@ -1341,7 +1494,9 @@ if (Meteor.isServer) {
|
|
|
(err, swimlaneId) => {
|
|
|
// Insert the reference to out board templates swimlane
|
|
|
Users.update(fakeUserId.get(), {
|
|
|
- $set: { 'profile.boardTemplatesSwimlaneId': swimlaneId },
|
|
|
+ $set: {
|
|
|
+ 'profile.boardTemplatesSwimlaneId': swimlaneId,
|
|
|
+ },
|
|
|
});
|
|
|
future3.return();
|
|
|
},
|
|
|
@@ -1358,7 +1513,9 @@ if (Meteor.isServer) {
|
|
|
|
|
|
Users.after.insert((userId, doc) => {
|
|
|
// HACK
|
|
|
- doc = Users.findOne({ _id: doc._id });
|
|
|
+ doc = Users.findOne({
|
|
|
+ _id: doc._id,
|
|
|
+ });
|
|
|
if (doc.createdThroughApi) {
|
|
|
// The admin user should be able to create a user despite disabling registration because
|
|
|
// it is two different things (registration and creation).
|
|
|
@@ -1366,7 +1523,11 @@ if (Meteor.isServer) {
|
|
|
// the disableRegistration check.
|
|
|
// Issue : https://github.com/wekan/wekan/issues/1232
|
|
|
// PR : https://github.com/wekan/wekan/pull/1251
|
|
|
- Users.update(doc._id, { $set: { createdThroughApi: '' } });
|
|
|
+ Users.update(doc._id, {
|
|
|
+ $set: {
|
|
|
+ createdThroughApi: '',
|
|
|
+ },
|
|
|
+ });
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
@@ -1382,7 +1543,7 @@ if (Meteor.isServer) {
|
|
|
if (!invitationCode) {
|
|
|
throw new Meteor.Error('error-invitation-code-not-exist');
|
|
|
} else {
|
|
|
- invitationCode.boardsToBeInvited.forEach(boardId => {
|
|
|
+ invitationCode.boardsToBeInvited.forEach((boardId) => {
|
|
|
const board = Boards.findOne(boardId);
|
|
|
board.addMember(doc._id);
|
|
|
});
|
|
|
@@ -1390,8 +1551,16 @@ if (Meteor.isServer) {
|
|
|
doc.profile = {};
|
|
|
}
|
|
|
doc.profile.invitedBoards = invitationCode.boardsToBeInvited;
|
|
|
- Users.update(doc._id, { $set: { profile: doc.profile } });
|
|
|
- InvitationCodes.update(invitationCode._id, { $set: { valid: false } });
|
|
|
+ Users.update(doc._id, {
|
|
|
+ $set: {
|
|
|
+ profile: doc.profile,
|
|
|
+ },
|
|
|
+ });
|
|
|
+ InvitationCodes.update(invitationCode._id, {
|
|
|
+ $set: {
|
|
|
+ valid: false,
|
|
|
+ },
|
|
|
+ });
|
|
|
}
|
|
|
}
|
|
|
});
|
|
|
@@ -1400,12 +1569,14 @@ if (Meteor.isServer) {
|
|
|
// USERS REST API
|
|
|
if (Meteor.isServer) {
|
|
|
// Middleware which checks that API is enabled.
|
|
|
- JsonRoutes.Middleware.use(function(req, res, next) {
|
|
|
+ JsonRoutes.Middleware.use(function (req, res, next) {
|
|
|
const api = req.url.startsWith('/api');
|
|
|
if ((api === true && process.env.WITH_API === 'true') || api === false) {
|
|
|
return next();
|
|
|
} else {
|
|
|
- res.writeHead(301, { Location: '/' });
|
|
|
+ res.writeHead(301, {
|
|
|
+ Location: '/',
|
|
|
+ });
|
|
|
return res.end();
|
|
|
}
|
|
|
});
|
|
|
@@ -1416,10 +1587,12 @@ if (Meteor.isServer) {
|
|
|
* @summary returns the current user
|
|
|
* @return_type Users
|
|
|
*/
|
|
|
- JsonRoutes.add('GET', '/api/user', function(req, res) {
|
|
|
+ JsonRoutes.add('GET', '/api/user', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkLoggedIn(req.userId);
|
|
|
- const data = Meteor.users.findOne({ _id: req.userId });
|
|
|
+ const data = Meteor.users.findOne({
|
|
|
+ _id: req.userId,
|
|
|
+ });
|
|
|
delete data.services;
|
|
|
|
|
|
// get all boards where the user is member of
|
|
|
@@ -1429,11 +1602,14 @@ if (Meteor.isServer) {
|
|
|
'members.userId': req.userId,
|
|
|
},
|
|
|
{
|
|
|
- fields: { _id: 1, members: 1 },
|
|
|
+ fields: {
|
|
|
+ _id: 1,
|
|
|
+ members: 1,
|
|
|
+ },
|
|
|
},
|
|
|
);
|
|
|
- boards = boards.map(b => {
|
|
|
- const u = b.members.find(m => m.userId === req.userId);
|
|
|
+ boards = boards.map((b) => {
|
|
|
+ const u = b.members.find((m) => m.userId === req.userId);
|
|
|
delete u.userId;
|
|
|
u.boardId = b._id;
|
|
|
return u;
|
|
|
@@ -1461,13 +1637,16 @@ if (Meteor.isServer) {
|
|
|
* @return_type [{ _id: string,
|
|
|
* username: string}]
|
|
|
*/
|
|
|
- JsonRoutes.add('GET', '/api/users', function(req, res) {
|
|
|
+ JsonRoutes.add('GET', '/api/users', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
JsonRoutes.sendResult(res, {
|
|
|
code: 200,
|
|
|
- data: Meteor.users.find({}).map(function(doc) {
|
|
|
- return { _id: doc._id, username: doc.username };
|
|
|
+ data: Meteor.users.find({}).map(function (doc) {
|
|
|
+ return {
|
|
|
+ _id: doc._id,
|
|
|
+ username: doc.username,
|
|
|
+ };
|
|
|
}),
|
|
|
});
|
|
|
} catch (error) {
|
|
|
@@ -1488,13 +1667,17 @@ if (Meteor.isServer) {
|
|
|
* @param {string} userId the user ID or username
|
|
|
* @return_type Users
|
|
|
*/
|
|
|
- JsonRoutes.add('GET', '/api/users/:userId', function(req, res) {
|
|
|
+ JsonRoutes.add('GET', '/api/users/:userId', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
let id = req.params.userId;
|
|
|
- let user = Meteor.users.findOne({ _id: id });
|
|
|
+ let user = Meteor.users.findOne({
|
|
|
+ _id: id,
|
|
|
+ });
|
|
|
if (!user) {
|
|
|
- user = Meteor.users.findOne({ username: id });
|
|
|
+ user = Meteor.users.findOne({
|
|
|
+ username: id,
|
|
|
+ });
|
|
|
id = user._id;
|
|
|
}
|
|
|
|
|
|
@@ -1505,11 +1688,14 @@ if (Meteor.isServer) {
|
|
|
'members.userId': id,
|
|
|
},
|
|
|
{
|
|
|
- fields: { _id: 1, members: 1 },
|
|
|
+ fields: {
|
|
|
+ _id: 1,
|
|
|
+ members: 1,
|
|
|
+ },
|
|
|
},
|
|
|
);
|
|
|
- boards = boards.map(b => {
|
|
|
- const u = b.members.find(m => m.userId === id);
|
|
|
+ boards = boards.map((b) => {
|
|
|
+ const u = b.members.find((m) => m.userId === id);
|
|
|
delete u.userId;
|
|
|
u.boardId = b._id;
|
|
|
return u;
|
|
|
@@ -1545,12 +1731,14 @@ if (Meteor.isServer) {
|
|
|
* @return_type {_id: string,
|
|
|
* title: string}
|
|
|
*/
|
|
|
- JsonRoutes.add('PUT', '/api/users/:userId', function(req, res) {
|
|
|
+ JsonRoutes.add('PUT', '/api/users/:userId', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
const id = req.params.userId;
|
|
|
const action = req.body.action;
|
|
|
- let data = Meteor.users.findOne({ _id: id });
|
|
|
+ let data = Meteor.users.findOne({
|
|
|
+ _id: id,
|
|
|
+ });
|
|
|
if (data !== undefined) {
|
|
|
if (action === 'takeOwnership') {
|
|
|
data = Boards.find(
|
|
|
@@ -1558,8 +1746,12 @@ if (Meteor.isServer) {
|
|
|
'members.userId': id,
|
|
|
'members.isAdmin': true,
|
|
|
},
|
|
|
- { sort: { sort: 1 /* boards default sorting */ } },
|
|
|
- ).map(function(board) {
|
|
|
+ {
|
|
|
+ sort: {
|
|
|
+ sort: 1 /* boards default sorting */,
|
|
|
+ },
|
|
|
+ },
|
|
|
+ ).map(function (board) {
|
|
|
if (board.hasMember(req.userId)) {
|
|
|
board.removeMember(req.userId);
|
|
|
}
|
|
|
@@ -1572,7 +1764,9 @@ if (Meteor.isServer) {
|
|
|
} else {
|
|
|
if (action === 'disableLogin' && id !== req.userId) {
|
|
|
Users.update(
|
|
|
- { _id: id },
|
|
|
+ {
|
|
|
+ _id: id,
|
|
|
+ },
|
|
|
{
|
|
|
$set: {
|
|
|
loginDisabled: true,
|
|
|
@@ -1581,9 +1775,20 @@ if (Meteor.isServer) {
|
|
|
},
|
|
|
);
|
|
|
} else if (action === 'enableLogin') {
|
|
|
- Users.update({ _id: id }, { $set: { loginDisabled: '' } });
|
|
|
+ Users.update(
|
|
|
+ {
|
|
|
+ _id: id,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ $set: {
|
|
|
+ loginDisabled: '',
|
|
|
+ },
|
|
|
+ },
|
|
|
+ );
|
|
|
}
|
|
|
- data = Meteor.users.findOne({ _id: id });
|
|
|
+ data = Meteor.users.findOne({
|
|
|
+ _id: id,
|
|
|
+ });
|
|
|
}
|
|
|
}
|
|
|
JsonRoutes.sendResult(res, {
|
|
|
@@ -1617,53 +1822,57 @@ if (Meteor.isServer) {
|
|
|
* @return_type {_id: string,
|
|
|
* title: string}
|
|
|
*/
|
|
|
- JsonRoutes.add('POST', '/api/boards/:boardId/members/:userId/add', function(
|
|
|
- req,
|
|
|
- res,
|
|
|
- ) {
|
|
|
- try {
|
|
|
- Authentication.checkUserId(req.userId);
|
|
|
- const userId = req.params.userId;
|
|
|
- const boardId = req.params.boardId;
|
|
|
- const action = req.body.action;
|
|
|
- const { isAdmin, isNoComments, isCommentOnly } = req.body;
|
|
|
- let data = Meteor.users.findOne({ _id: userId });
|
|
|
- if (data !== undefined) {
|
|
|
- if (action === 'add') {
|
|
|
- data = Boards.find({
|
|
|
- _id: boardId,
|
|
|
- }).map(function(board) {
|
|
|
- if (!board.hasMember(userId)) {
|
|
|
- board.addMember(userId);
|
|
|
- function isTrue(data) {
|
|
|
- return data.toLowerCase() === 'true';
|
|
|
+ JsonRoutes.add(
|
|
|
+ 'POST',
|
|
|
+ '/api/boards/:boardId/members/:userId/add',
|
|
|
+ function (req, res) {
|
|
|
+ try {
|
|
|
+ Authentication.checkUserId(req.userId);
|
|
|
+ const userId = req.params.userId;
|
|
|
+ const boardId = req.params.boardId;
|
|
|
+ const action = req.body.action;
|
|
|
+ const { isAdmin, isNoComments, isCommentOnly } = req.body;
|
|
|
+ let data = Meteor.users.findOne({
|
|
|
+ _id: userId,
|
|
|
+ });
|
|
|
+ if (data !== undefined) {
|
|
|
+ if (action === 'add') {
|
|
|
+ data = Boards.find({
|
|
|
+ _id: boardId,
|
|
|
+ }).map(function (board) {
|
|
|
+ if (!board.hasMember(userId)) {
|
|
|
+ board.addMember(userId);
|
|
|
+
|
|
|
+ function isTrue(data) {
|
|
|
+ return data.toLowerCase() === 'true';
|
|
|
+ }
|
|
|
+ board.setMemberPermission(
|
|
|
+ userId,
|
|
|
+ isTrue(isAdmin),
|
|
|
+ isTrue(isNoComments),
|
|
|
+ isTrue(isCommentOnly),
|
|
|
+ userId,
|
|
|
+ );
|
|
|
}
|
|
|
- board.setMemberPermission(
|
|
|
- userId,
|
|
|
- isTrue(isAdmin),
|
|
|
- isTrue(isNoComments),
|
|
|
- isTrue(isCommentOnly),
|
|
|
- userId,
|
|
|
- );
|
|
|
- }
|
|
|
- return {
|
|
|
- _id: board._id,
|
|
|
- title: board.title,
|
|
|
- };
|
|
|
- });
|
|
|
+ return {
|
|
|
+ _id: board._id,
|
|
|
+ title: board.title,
|
|
|
+ };
|
|
|
+ });
|
|
|
+ }
|
|
|
}
|
|
|
+ JsonRoutes.sendResult(res, {
|
|
|
+ code: 200,
|
|
|
+ data: query,
|
|
|
+ });
|
|
|
+ } catch (error) {
|
|
|
+ JsonRoutes.sendResult(res, {
|
|
|
+ code: 200,
|
|
|
+ data: error,
|
|
|
+ });
|
|
|
}
|
|
|
- JsonRoutes.sendResult(res, {
|
|
|
- code: 200,
|
|
|
- data: query,
|
|
|
- });
|
|
|
- } catch (error) {
|
|
|
- JsonRoutes.sendResult(res, {
|
|
|
- code: 200,
|
|
|
- data: error,
|
|
|
- });
|
|
|
- }
|
|
|
- });
|
|
|
+ },
|
|
|
+ );
|
|
|
|
|
|
/**
|
|
|
* @operation remove_board_member
|
|
|
@@ -1682,18 +1891,20 @@ if (Meteor.isServer) {
|
|
|
JsonRoutes.add(
|
|
|
'POST',
|
|
|
'/api/boards/:boardId/members/:userId/remove',
|
|
|
- function(req, res) {
|
|
|
+ function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
const userId = req.params.userId;
|
|
|
const boardId = req.params.boardId;
|
|
|
const action = req.body.action;
|
|
|
- let data = Meteor.users.findOne({ _id: userId });
|
|
|
+ let data = Meteor.users.findOne({
|
|
|
+ _id: userId,
|
|
|
+ });
|
|
|
if (data !== undefined) {
|
|
|
if (action === 'remove') {
|
|
|
data = Boards.find({
|
|
|
_id: boardId,
|
|
|
- }).map(function(board) {
|
|
|
+ }).map(function (board) {
|
|
|
if (board.hasMember(userId)) {
|
|
|
board.removeMember(userId);
|
|
|
}
|
|
|
@@ -1729,7 +1940,7 @@ if (Meteor.isServer) {
|
|
|
* @param {string} password the password of the new user
|
|
|
* @return_type {_id: string}
|
|
|
*/
|
|
|
- JsonRoutes.add('POST', '/api/users/', function(req, res) {
|
|
|
+ JsonRoutes.add('POST', '/api/users/', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
const id = Accounts.createUser({
|
|
|
@@ -1762,7 +1973,7 @@ if (Meteor.isServer) {
|
|
|
* @param {string} userId the ID of the user to delete
|
|
|
* @return_type {_id: string}
|
|
|
*/
|
|
|
- JsonRoutes.add('DELETE', '/api/users/:userId', function(req, res) {
|
|
|
+ JsonRoutes.add('DELETE', '/api/users/:userId', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
const id = req.params.userId;
|
|
|
@@ -1800,7 +2011,7 @@ if (Meteor.isServer) {
|
|
|
* @param {string} userId the ID of the user to create token for.
|
|
|
* @return_type {_id: string}
|
|
|
*/
|
|
|
- JsonRoutes.add('POST', '/api/createtoken/:userId', function(req, res) {
|
|
|
+ JsonRoutes.add('POST', '/api/createtoken/:userId', function (req, res) {
|
|
|
try {
|
|
|
Authentication.checkUserId(req.userId);
|
|
|
const id = req.params.userId;
|
Lauri Ojansivu