
Prevent normal users from deleting or modifying too much.
Allow normal users to export the board.

Thanks to Samunosuke, pgh2357 and xet7 !

Related #3377

Lauri Ojansivu 4 years ago
parent
commit
4a205fcfcb

+ 4 - 3
client/components/boards/boardArchive.jade

@@ -7,9 +7,10 @@ template(name="archivedBoards")
     each archivedBoards
       li.archived-lists-item
         div.board-header-btns
-          button.board-header-btn.js-delete-board
-            i.fa.fa-trash-o
-            | {{_ 'delete-board'}}
+          if currentUser.isBoardAdmin
+            button.board-header-btn.js-delete-board
+              i.fa.fa-trash-o
+              | {{_ 'delete-board'}}
           button.board-header-btn.js-restore-board
             i.fa.fa-undo
             | {{_ 'restore-board'}}
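Review bot: The `if currentUser.isBoardAdmin` guard around `button.js-delete-board` only hides the control in the rendered template. No server-side file is touched in the sections shown, so whether a non-admin can still delete depends on collection rules and methods that are not visible here. The same applies to the delete, move and custom-field guards added in attachments.jade, cardDetails.jade, checklists.jade, subtasks.jade, sidebarArchives.jade and sidebarFilters.jade. I would confirm that each matching server-side rule checks board-admin status, and mark the guard with a comment such as `//- UI hint only; deletion must be authorized on the server` so it is not mistaken for the access control.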

+ 6 - 1
client/components/boards/boardBody.js

@@ -211,7 +211,12 @@ BlazeComponent.extendComponent({
       }
 
       // Disable drag-dropping if the current user is not a board member
-      $swimlanesDom.sortable('option', 'disabled', !userIsMember());
+      //$swimlanesDom.sortable('option', 'disabled', !userIsMember());
+      $swimlanesDom.sortable(
+        'option',
+        'disabled',
+        !Meteor.user().isBoardAdmin(),
+      );
     });
 
     function userIsMember() {
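Review bot: `!Meteor.user().isBoardAdmin()` in the new `sortable` call dereferences `Meteor.user()` without a null check, so it throws when no user is logged in (presumably possible on a board viewed anonymously). Hold the user in a local and test it first: `const user = Meteor.user();` then `!(user && user.isBoardAdmin())`. The same unguarded call is added in both hunks of swimlanes.js, where `canSeeAddList` previously tested `Meteor.user() &&` before calling any helper. The comment above the call still says "not a board member" and the old line is left commented out; update the comment to `// Disable drag-dropping unless the current user is a board admin` and drop the dead line. `userIsMember` continues outside the hunk.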

+ 4 - 3
client/components/cards/attachments.jade

@@ -46,9 +46,10 @@ template(name="attachmentsGalery")
                         | {{_ 'remove-cover'}}
                       else
                         | {{_ 'add-cover'}}
-                  a.js-confirm-delete
-                    i.fa.fa-close
-                    | {{_ 'delete'}}
+                  if currentUser.isBoardAdmin
+                    a.js-confirm-delete
+                      i.fa.fa-close
+                      | {{_ 'delete'}}
 
     if currentUser.isBoardMember
       unless currentUser.isCommentOnly

+ 14 - 10
client/components/cards/cardDetails.jade

@@ -354,10 +354,11 @@ template(name="cardDetailsActionsPopup")
           a.js-start-voting
             i.fa.fa-thumbs-up
             | {{_ 'card-edit-voting'}}
-        li
-          a.js-custom-fields
-            i.fa.fa-list-alt
-            | {{_ 'card-edit-custom-fields'}}
+        if currentBoard.isBoardAdmin
+          li
+            a.js-custom-fields
+              i.fa.fa-list-alt
+              | {{_ 'card-edit-custom-fields'}}
         //li: a.js-received-date {{_ 'editCardReceivedDatePopup-title'}}
         //li: a.js-start-date {{_ 'editCardStartDatePopup-title'}}
         //li: a.js-due-date {{_ 'editCardDueDatePopup-title'}}
@@ -382,10 +383,11 @@ template(name="cardDetailsActionsPopup")
           | {{_ 'moveCardToBottom-title'}}
       hr
     ul.pop-over-list
-      li
-        a.js-move-card
-          i.fa.fa-arrow-right
-          | {{_ 'moveCardPopup-title'}}
+      if currentBoard.isBoardAdmin
+        li
+          a.js-move-card
+            i.fa.fa-arrow-right
+            | {{_ 'moveCardPopup-title'}}
       unless currentUser.isWorker
         li
           a.js-copy-card
@@ -562,7 +564,8 @@ template(name="cardMorePopup")
     br
     | {{_ 'added'}}
     span.date(title=card.createdAt) {{ moment createdAt 'LLL' }}
-    a.js-delete(title="{{_ 'card-delete-notice'}}") {{_ 'delete'}}
+    if currentUser.isBoardAdmin
+      a.js-delete(title="{{_ 'card-delete-notice'}}") {{_ 'delete'}}
 
 template(name="setCardColorPopup")
   form.edit-label
@@ -609,7 +612,8 @@ template(name="cardStartVotingPopup")
 
     button.primary.js-submit {{_ 'save'}}
     if getVoteQuestion
-      button.js-remove-vote.negate.wide.right {{_ 'delete'}}
+      if currentUser.isBoardAdmin
+        button.js-remove-vote.negate.wide.right {{_ 'delete'}}
 
 template(name="positiveVoteMembersPopup")
   ul.pop-over-list.js-card-member-list
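Review bot: The guards added around `a.js-custom-fields` and `a.js-move-card` in `cardDetailsActionsPopup` test `currentBoard.isBoardAdmin`, while every other guard in this commit, including the two later hunks of this file, tests `currentUser.isBoardAdmin`. No board-level `isBoardAdmin` helper is visible in this diff; if none exists, the condition is always falsy and both entries disappear for board admins as well. Use `if currentUser.isBoardAdmin` in both places unless a board-level helper is really intended.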

+ 8 - 5
client/components/cards/checklists.jade

@@ -37,7 +37,8 @@ template(name="checklistDetail")
       .checklist-title
         span
         if canModifyCard
-          a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}...
+          if currentUser.isBoardAdmin
+            a.js-delete-checklist.toggle-delete-checklist-dialog {{_ "delete"}}...
 
         if canModifyCard
           h2.title.js-open-inlined-form.is-editable
@@ -59,9 +60,10 @@ template(name="checklistDeleteDialog")
       | {{_ 'confirm-checklist-delete-dialog'}}
       span {{checklist.title}}
       | ?
-    .js-checklist-delete-buttons
-      button.confirm-checklist-delete(type="button") {{_ 'delete'}}
-      button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}}
+    if currentUser.isBoardAdmin
+      .js-checklist-delete-buttons
+        button.confirm-checklist-delete(type="button") {{_ 'delete'}}
+        button.toggle-delete-checklist-dialog(type="button") {{_ 'cancel'}}
 
 template(name="addChecklistItemForm")
   textarea.js-add-checklist-item(rows='1' autofocus)
@@ -80,7 +82,8 @@ template(name="editChecklistItemForm")
     a.fa.fa-times-thin.js-close-inlined-form
     span(title=createdAt) {{ moment createdAt }}
     if canModifyCard
-      a.js-delete-checklist-item {{_ "delete"}}...
+      if currentUser.isBoardAdmin
+        a.js-delete-checklist-item {{_ "delete"}}...
 
 template(name="checklistItems")
   .checklist-items.js-checklist-items

+ 8 - 6
client/components/cards/subtasks.jade

@@ -2,10 +2,10 @@ template(name="subtasks")
   h3.card-details-item-title
     i.fa.fa-sitemap
     | {{_ 'subtasks'}}
-  if toggleDeleteDialog.get
-    .board-overlay#card-details-overlay
-    +subtaskDeleteDialog(subtask = subtaskToDelete)
-
+  if currentUser.isBoardAdmin
+    if toggleDeleteDialog.get
+      .board-overlay#card-details-overlay
+      +subtaskDeleteDialog(subtask = subtaskToDelete)
 
   .card-subtasks-items
     each subtask in currentCard.subtasks
@@ -28,7 +28,8 @@ template(name="subtaskDetail")
         span
         a.js-view-subtask(title="{{ subtask.title }}") {{_ "view-it"}}
         if canModifyCard
-          a.js-delete-subtask.toggle-delete-subtask-dialog {{_ "delete"}}...
+          if currentUser.isBoardAdmin
+            a.js-delete-subtask.toggle-delete-subtask-dialog {{_ "delete"}}...
 
         if canModifyCard
           h2.title.js-open-inlined-form.is-editable
@@ -68,7 +69,8 @@ template(name="editSubtaskItemForm")
     a.fa.fa-times-thin.js-close-inlined-form
     span(title=createdAt) {{ moment createdAt }}
     if canModifyCard
-      a.js-delete-subtask-item {{_ "delete"}}...
+      if currentUser.isBoardAdmin
+        a.js-delete-subtask-item {{_ "delete"}}...
 
 template(name="subtasksItems")
   .subtasks-items.js-subtasks-items

+ 6 - 4
client/components/lists/listHeader.jade

@@ -43,8 +43,9 @@ template(name="listHeader")
             if canSeeAddCard
               a.js-add-card.fa.fa-plus.list-header-plus-icon
             a.fa.fa-navicon.js-open-list-menu
-          if showDesktopDragHandles
-            a.list-header-handle.handle.fa.fa-arrows.js-list-handle
+          if currentUser.isBoardAdmin
+            if showDesktopDragHandles
+              a.list-header-handle.handle.fa.fa-arrows.js-list-handle
 
 template(name="editListTitleForm")
   .list-composer
@@ -115,8 +116,9 @@ template(name="listMorePopup")
       input.inline-input(type="text" readonly value="{{ rootUrl }}")
     | {{_ 'added'}}
     span.date(title=list.createdAt) {{ moment createdAt 'LLL' }}
-    unless currentUser.isWorker
-      a.js-delete {{_ 'delete'}}
+    //unless currentUser.isWorker
+    //  if currentUser.isBoardAdmin
+    //    a.js-delete {{_ 'delete'}}
 
 template(name="listDeletePopup")
   p {{_ "list-delete-pop"}}
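Review bot: In `listMorePopup` the `a.js-delete` link is commented out rather than guarded, so board admins lose the list delete entry too, and the existing `unless currentUser.isWorker` check disappears with it. The commented lines already show the intended nesting; restore them as live markup (`unless currentUser.isWorker`, then `if currentUser.isBoardAdmin`, then `a.js-delete {{_ 'delete'}}`). If removing list deletion for everyone is intended, delete the lines instead of leaving them commented, and check whether `listDeletePopup` is still reachable from anywhere else.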

+ 36 - 31
client/components/sidebar/sidebar.jade

@@ -269,14 +269,16 @@ template(name="outgoingWebhooksPopup")
 
 template(name="boardMenuPopup")
   ul.pop-over-list
-    li
-      a.js-open-rules-view(title="{{_ 'rules'}}")
-        i.fa.fa-magic
-        | {{_ 'rules'}}
-    li
-      a.js-custom-fields
-        i.fa.fa-list-alt
-        | {{_ 'custom-fields'}}
+    if currentUser.isBoardAdmin
+      li
+        a.js-open-rules-view(title="{{_ 'rules'}}")
+          i.fa.fa-magic
+          | {{_ 'rules'}}
+    if currentUser.isBoardAdmin
+      li
+        a.js-custom-fields
+          i.fa.fa-list-alt
+          | {{_ 'custom-fields'}}
     li
       a.js-open-archives
         i.fa.fa-archive
@@ -297,14 +299,14 @@ template(name="boardMenuPopup")
           i.fa.fa-flag
           | {{_ 'language'}}
   unless isSandstorm
-    if currentUser.isBoardAdmin
-      hr
-      ul.pop-over-list
-        if withApi
-          li
-            a.js-export-board
-              i.fa.fa-share-alt
-              | {{_ 'export-board'}}
+    hr
+    ul.pop-over-list
+      if withApi
+        li
+          a.js-export-board
+            i.fa.fa-share-alt
+            | {{_ 'export-board'}}
+      if currentUser.isBoardAdmin
         li
           a.js-outgoing-webhooks
             i.fa.fa-globe
@@ -317,7 +319,8 @@ template(name="boardMenuPopup")
           a.js-subtask-settings
             i.fa.fa-sitemap
             | {{_ 'subtask-settings'}}
-      unless currentBoard.isTemplatesBoard
+    unless currentBoard.isTemplatesBoard
+      if currentUser.isBoardAdmin
         hr
         ul.pop-over-list
           li
@@ -329,20 +332,22 @@ template(name="boardMenuPopup")
   if isSandstorm
     hr
     ul.pop-over-list
-      li
-        a.js-export-board
-          i.fa.fa-share-alt
-          | {{_ 'export-board'}}
-      li
-        a.js-import-board
-          i.fa.fa-share-alt
-          i.fa.fa-sign-in
-          | {{_ 'import-board-c'}}
-      li
-        a.js-archive-board
-          i.fa.fa-arrow-right
-          i.fa.fa-archive
-          | {{_ 'archive-board'}}
+      if currentUser.isMember
+        li
+          a.js-export-board
+            i.fa.fa-share-alt
+            | {{_ 'export-board'}}
+        li
+          a.js-import-board
+            i.fa.fa-share-alt
+            i.fa.fa-sign-in
+            | {{_ 'import-board-c'}}
+      if currentUser.isBoardAdmin
+        li
+          a.js-archive-board
+            i.fa.fa-arrow-right
+            i.fa.fa-archive
+            | {{_ 'archive-board'}}
       li
         a.js-outgoing-webhooks
           i.fa.fa-globe
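Review bot: The Sandstorm branch guards export and import with `currentUser.isMember`, whereas the membership check used elsewhere on this page is `currentUser.isBoardMember` (attachments.jade). If no `isMember` helper exists, both entries are hidden for everyone; `if currentUser.isBoardMember` looks like what was meant. In the same list `a.js-outgoing-webhooks` stays outside any guard, although the non-Sandstorm branch now places it under `if currentUser.isBoardAdmin`. Webhook configuration presumably controls where board events are sent, so it deserves the same restriction. The non-Sandstorm `a.js-export-board` now renders with no membership check at all, so the export endpoint must enforce board access itself.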

+ 18 - 12
client/components/sidebar/sidebarArchives.jade

@@ -5,8 +5,9 @@ template(name="archivesSidebar")
         unless isWorker
           p.quiet
             a.js-restore-all-cards {{_ 'restore-all'}}
-            | -
-            a.js-delete-all-cards {{_ 'delete-all'}}
+            if currentUser.isBoardAdmin
+              | -
+              a.js-delete-all-cards {{_ 'delete-all'}}
         each archivedCards
           .minicard-wrapper.js-minicard
             +minicard(this)
@@ -14,8 +15,9 @@ template(name="archivesSidebar")
             unless isWorker
               p.quiet
                 a.js-restore-card {{_ 'restore'}}
-                | -
-                a.js-delete-card {{_ 'delete'}}
+                if currentUser.isBoardAdmin
+                  | -
+                  a.js-delete-card {{_ 'delete'}}
             if cardIsInArchivedList
               p.quiet.small ({{_ 'warn-list-archived'}})
         else
@@ -25,8 +27,9 @@ template(name="archivesSidebar")
         unless isWorker
           p.quiet
             a.js-restore-all-lists {{_ 'restore-all'}}
-            | -
-            a.js-delete-all-lists {{_ 'delete-all'}}
+            if currentUser.isBoardAdmin
+              | -
+              a.js-delete-all-lists {{_ 'delete-all'}}
         ul.archived-lists
           each archivedLists
             li.archived-lists-item
@@ -35,8 +38,9 @@ template(name="archivesSidebar")
                 unless isWorker
                   p.quiet
                     a.js-restore-list {{_ 'restore'}}
-                    | -
-                    a.js-delete-list {{_ 'delete'}}
+                    if currentUser.isBoardAdmin
+                      | -
+                      a.js-delete-list {{_ 'delete'}}
           else
             li.no-items-message {{_ 'no-archived-lists'}}
 
@@ -44,8 +48,9 @@ template(name="archivesSidebar")
         unless isWorker
           p.quiet
             a.js-restore-all-swimlanes {{_ 'restore-all'}}
-            | -
-            a.js-delete-all-swimlanes {{_ 'delete-all'}}
+            if currentUser.isBoardAdmin
+              | -
+              a.js-delete-all-swimlanes {{_ 'delete-all'}}
         ul.archived-lists
           each archivedSwimlanes
             li.archived-lists-item
@@ -54,8 +59,9 @@ template(name="archivesSidebar")
                 unless isWorker
                   p.quiet
                     a.js-restore-swimlane {{_ 'restore'}}
-                    | -
-                    a.js-delete-swimlane {{_ 'delete'}}
+                    if currentUser.isBoardAdmin
+                      | -
+                      a.js-delete-swimlane {{_ 'delete'}}
           else
             li.no-items-message {{_ 'no-archived-swimlanes'}}
   else

+ 1 - 1
client/components/sidebar/sidebarFilters.jade

@@ -155,7 +155,7 @@ template(name="multiselectionSidebar")
               i.fa.fa-check
             else if someSelectedElementHave 'member' _id
               i.fa.fa-ellipsis-h
-  unless currentUser.isWorker
+  if currentUser.isBoardAdmin
     hr
     a.sidebar-btn.js-move-selection
       i.fa.fa-share

+ 3 - 2
client/components/swimlanes/swimlaneHeader.jade

@@ -15,8 +15,9 @@ template(name="swimlaneFixedHeader")
         = title
   .swimlane-header-menu
     unless currentUser.isCommentOnly
-      a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon
-      a.fa.fa-navicon.js-open-swimlane-menu
+      if currentUser.isBoardAdmin
+        a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon
+        a.fa.fa-navicon.js-open-swimlane-menu
       unless isMiniScreen
         if showDesktopDragHandles
           a.swimlane-header-handle.handle.fa.fa-arrows.js-swimlane-header-handle

+ 16 - 15
client/components/swimlanes/swimlanes.jade

@@ -45,18 +45,19 @@ template(name="listsGroup")
 template(name="addListForm")
   unless currentUser.isWorker
     .list.list-composer.js-list-composer(class="{{#if isMiniScreen}}mini-list{{/if}}")
-      .list-header-add
-        +inlinedForm(autoclose=false)
-          input.list-name-input.full-line(type="text" placeholder="{{_ 'add-list'}}"
-            autocomplete="off" autofocus)
-          .edit-controls.clearfix
-            button.primary.confirm(type="submit") {{_ 'save'}}
-            unless currentBoard.isTemplatesBoard
-              unless currentBoard.isTemplateBoard
-                span.quiet
-                  | {{_ 'or'}}
-                  a.js-list-template {{_ 'template'}}
-        else
-          a.open-list-composer.js-open-inlined-form
-            i.fa.fa-plus
-            | {{_ 'add-list'}}
+      if currentUser.isBoardAdmin
+        .list-header-add
+          +inlinedForm(autoclose=false)
+            input.list-name-input.full-line(type="text" placeholder="{{_ 'add-list'}}"
+              autocomplete="off" autofocus)
+            .edit-controls.clearfix
+              button.primary.confirm(type="submit") {{_ 'save'}}
+              unless currentBoard.isTemplatesBoard
+                unless currentBoard.isTemplateBoard
+                  span.quiet
+                    | {{_ 'or'}}
+                    a.js-list-template {{_ 'template'}}
+          else
+            a.open-list-composer.js-open-inlined-form
+              i.fa.fa-plus
+              | {{_ 'add-list'}}

+ 5 - 3
client/components/swimlanes/swimlanes.js

@@ -122,7 +122,8 @@ function initSortable(boardComponent, $listsDom) {
         'option',
         'disabled',
         // Disable drag-dropping when user is not member/is worker
-        !userIsMember() || Meteor.user().isWorker(),
+        //!userIsMember() || Meteor.user().isWorker(),
+        !Meteor.user().isBoardAdmin(),
         // Not disable drag-dropping while in multi-selection mode
         // MultiSelection.isActive() || !userIsMember(),
       );
@@ -274,12 +275,13 @@ Template.swimlane.helpers({
     }
   },
   canSeeAddList() {
-    return (
+    return Meteor.user().isBoardAdmin();
+    /*
       Meteor.user() &&
       Meteor.user().isBoardMember() &&
       !Meteor.user().isCommentOnly() &&
       !Meteor.user().isWorker()
-    );
+      */
   },
 });