Merge branch 'master' into master

.meteor/versions

@@ -42,8 +42,8 @@ dynamic-import@0.6.0
 easylogic:summernote@0.8.8
 ecmascript@0.15.1
 ecmascript-runtime@0.7.0
-ecmascript-runtime-client@0.11.0
-ecmascript-runtime-server@0.10.0
+ecmascript-runtime-client@0.11.1
+ecmascript-runtime-server@0.10.1
 ejson@1.1.1
 email@2.0.0
 es5-shim@4.8.0
@@ -106,7 +106,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0
 mquandalle:moment@1.0.1
 mquandalle:mousetrap-bindglobal@0.0.1
 msavin:usercache@1.8.0
-npm-bcrypt@0.9.3
+npm-bcrypt@0.9.4
 npm-mongo@3.9.0
 oauth@1.3.2
 oauth2@1.3.0
@@ -211,7 +211,7 @@ tracker@1.2.0
 twbs:bootstrap@3.3.6
 ui@1.0.13
 underscore@1.0.10
-url@1.3.1
+url@1.3.2
 useraccounts:core@1.14.2
 useraccounts:flow-routing@1.14.2
 useraccounts:unstyled@1.14.2

CHANGELOG.md

@@ -1,6 +1,6 @@
 [Mac ChangeLog](https://github.com/wekan/wekan/wiki/Mac)
 
-# Upcoming Wekan release
+# v5.35 2021-06-14 Wekan release
 
 This release adds the following new features:
 
@@ -9,9 +9,11 @@ This release adds the following new features:
   [Part 1](https://github.com/wekan/wekan/commit/7f3f0825573b1f8a7b0388e4bacbb0bd2525e886).
   Added Wait Spinners docs: https://github.com/wekan/wekan/wiki/Wait-Spinners .
   Thanks to xet7.
-- [Maximize Card. In Progress](https://github.com/wekan/wekan/commit/8c572502436a2eb22bd1eb1e4069c1c9145e2070).
-  Thanks to xet7.
-- Export Card to PDF. In Progress.
+- Maximize Card.
+  [Part 1](https://github.com/wekan/wekan/commit/8c572502436a2eb22bd1eb1e4069c1c9145e2070),
+  [Part 2](https://github.com/wekan/wekan/pull/3863).
+  Thanks to mfilser and xet7.
+- Export Card to PDF. In Progress, does not work yet.
   [Part 1](https://github.com/wekan/wekan/commit/a2f2ce11354a8dbfdd6759e3b65797e4be4cc6ec),
   [Part 2](https://github.com/wekan/wekan/commit/17acf1884850d8d95ae79493289adf18966df652).
   Thanks to xet7.
@@ -28,10 +30,19 @@ and adds the following improvements:
 - [Add border and update label colors for better visibility](https://github.com/wekan/wekan/commit/2e1eb1e224c83f16a384316626d7a4183639d4cd).
   Thanks to xet7.
 
+and adds the following updates:
+
+- [Updated dependencies](https://github.com/wekan/wekan/commit/f80fcfd7c0a83f4181c7a0b8beb52da9ba1446d3).
+  Thanks to developers of dependencies.
+
 and fixes the following bugs:
 
 - [Manual sort number 0 accepted](https://github.com/wekan/wekan/pull/3861).
   Thanks to mfilser.
+- Allow board members to use more of API. Please add issue (or pull request) if this allows too much.
+  [Part 1](https://github.com/wekan/wekan/commit/a719e8fda1f78bcbf9af6e7b4341f8be1d141e90),
+  [Part 2](https://github.com/wekan/wekan/commit/164b6e9070199dca36d12fa3048d6b22bf6850b0).
+  Thanks to JayVii and xet7.
 
 Thanks to above GitHub users for their contributions and translators for their translations.
 

Stackerfile.yml

@@ -1,5 +1,5 @@
 appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
-appVersion: "v5.34.0"
+appVersion: "v5.35.0"
 files:
   userUploads:
     - README.md

client/components/cards/cardDetails.jade

@@ -1,5 +1,5 @@
 template(name="cardDetails")
-  section.card-details.js-card-details: .card-details-canvas
+  section.card-details.js-card-details(class='{{#if cardMaximized}}card-details-maximized{{/if}}'): .card-details-canvas
     .card-details-header(class='{{#if colorClass}}card-details-{{colorClass}}{{/if}}')
       +inlinedForm(classNames="js-card-details-title")
         +editCardTitleForm

client/components/cards/cardDetails.js

@@ -412,11 +412,11 @@ BlazeComponent.extendComponent({
         'click #toggleButton'() {
           Meteor.call('toggleSystemMessages');
         },
-        'click #js-maximize-card-details'() {
+        'click .js-maximize-card-details'() {
           Meteor.call('toggleCardMaximized');
           autosize($('.card-details'));
         },
-        'click #js-minimize-card-details'() {
+        'click .js-minimize-card-details'() {
           Meteor.call('toggleCardMaximized');
           autosize($('.card-details'));
         },

client/components/cards/cardDetails.styl

@@ -86,62 +86,21 @@ avatar-radius = 50%
 
 // Other card details
 
-unless isMiniScreen
-  if cardMaximized
-    .card-details
-      padding: 0
-      flex-shrink: 0
-      flex-basis: calc(100% - 20px)
-      will-change: flex-basis
-      overflow-y: scroll
-      overflow-x: scroll
-      background: darken(white, 3%)
-      border-radius: bottom 3px
-      z-index: 1000 !important
-      animation: flexGrowIn 0.1s
-      box-shadow: 0 0 7px 0 darken(white, 30%)
-      transition: flex-basis 0.1s
-      box-sizing: border-box
-      position: absolute
-      top: 0
-      left: 0
-      height: calc(100% - 20px)
-      width: calc(100% - 20px)
-      float: left
-
-      .card-details-left
-        position: absolute
-        float: left
-        top: 60px
-        left: 20px
-        width: 47%
-
-      .card-details-right
-        position: absolute
-        float: right
-        top: 20px
-        left: 50%
-
-      .card-details-header
-        width: 47%
-
-if isMiniScreen
-  .card-details
-    padding: 0
-    flex-shrink: 0
-    flex-basis: 600px
-    will-change: flex-basis
-    overflow-y: scroll
-    overflow-x: hidden
-    background: darken(white, 3%)
-    border-radius: bottom 3px
-    z-index: 20 !important
-    animation: flexGrowIn 0.1s
-    box-shadow: 0 0 7px 0 darken(white, 30%)
-    transition: flex-basis 0.1s
-    box-sizing: border-box
-
 .card-details
+  padding: 0
+  flex-shrink: 0
+  flex-basis: 600px
+  will-change: flex-basis
+  overflow-y: scroll
+  overflow-x: hidden
+  background: darken(white, 3%)
+  border-radius: bottom 3px
+  z-index: 20 !important
+  animation: flexGrowIn 0.1s
+  box-shadow: 0 0 7px 0 darken(white, 30%)
+  transition: flex-basis 0.1s
+  box-sizing: border-box
+
   .mCustomScrollBox
     padding-left: 0
 
@@ -169,7 +128,7 @@ if isMiniScreen
     .maximize-card-details,
     .minimize-card-details
       font-size: 24px
-      padding: 5px
+      padding: 5px 10px 5px 10px
       margin-right: -8px
 
     .close-card-details-mobile-web
@@ -278,6 +237,43 @@ if isMiniScreen
   .activities
     padding-top: 10px
 
+.card-details-maximized
+  padding: 0
+  flex-shrink: 0
+  flex-basis: calc(100% - 20px)
+  will-change: flex-basis
+  overflow-y: scroll
+  overflow-x: scroll
+  background: darken(white, 3%)
+  border-radius: bottom 3px
+  z-index: 1000 !important
+  animation: flexGrowIn 0.1s
+  box-shadow: 0 0 7px 0 darken(white, 30%)
+  transition: flex-basis 0.1s
+  box-sizing: border-box
+  position: absolute
+  top: 0
+  left: 0
+  height: calc(100% - 20px)
+  width: calc(100% - 20px)
+  float: left
+
+  .card-details-left
+    position: absolute
+    float: left
+    top: 60px
+    left: 20px
+    width: 47%
+
+  .card-details-right
+    position: absolute
+    float: right
+    top: 20px
+    left: 50%
+
+  .card-details-header
+    width: 47%
+
 input[type="text"].attachment-add-link-input
   float: left
   margin: 0 0 8px

client/components/forms/forms.styl

@@ -86,7 +86,7 @@ select
   margin-bottom: 8px
 
   &.inline
-  	width: 100%
+    width: 100%
 
 option[disabled]
   color: #8c8c8c

i18n/de-CH.i18n.json

@@ -82,8 +82,8 @@
     "add-attachment": "Datei anhängen",
     "add-board": "Board hinzufügen",
     "add-card": "Karte hinzufügen",
-    "add-card-to-top-of-list": "Add Card to Top of List",
-    "add-card-to-bottom-of-list": "Add Card to Bottom of List",
+    "add-card-to-top-of-list": "Karte am Anfang der Liste hinzufügen",
+    "add-card-to-bottom-of-list": "Karte am Ende der Liste hinzufügen",
     "add-swimlane": "Swimlane hinzufügen",
     "add-subtask": "Teilaufgabe hinzufügen",
     "add-checklist": "Checkliste hinzufügen",
@@ -133,7 +133,7 @@
     "board-not-found": "Board nicht gefunden",
     "board-private-info": "Dieses Board wird <strong>privat</strong> sein.",
     "board-public-info": "Dieses Board wird <strong>öffentlich zugänglich</strong> sein.",
-    "board-drag-drop-reorder-or-click-open": "Drag and drop to reorder board icons. Click board icon to open board.",
+    "board-drag-drop-reorder-or-click-open": "Ziehen und Fallenlassen um die Board-Icons neu anzuordnen. Ein Klick auf das Board-Icon öffnet das zugehörige Board.",
     "boardChangeColorPopup-title": "Farbe des Boards ändern",
     "boardChangeTitlePopup-title": "Board umbenennen",
     "boardChangeVisibilityPopup-title": "Sichtbarkeit ändern",
@@ -159,7 +159,7 @@
     "card-due-on": "fällig am",
     "card-spent": "Aufgewendete Zeit",
     "card-edit-attachments": "Anhänge ändern",
-    "card-edit-custom-fields": "Benutzerdefinierte Felder editieren",
+    "card-edit-custom-fields": "Benutzerdefinierte Felder bearbeiten",
     "card-edit-labels": "Labels ändern",
     "card-edit-members": "Mitglieder ändern",
     "card-labels-title": "Labels für diese Karte ändern.",
@@ -168,11 +168,11 @@
     "card-start-on": "Start am",
     "cardAttachmentsPopup-title": "Anhängen von",
     "cardCustomField-datePopup-title": "Datum ändern",
-    "cardCustomFieldsPopup-title": "Benutzerdefinierte Felder editieren",
+    "cardCustomFieldsPopup-title": "Benutzerdefinierte Felder bearbeiten",
     "cardStartVotingPopup-title": "Abstimmung starten",
     "positiveVoteMembersPopup-title": "Befürworter",
     "negativeVoteMembersPopup-title": "Gegner",
-    "card-edit-voting": "Abstimmung editieren",
+    "card-edit-voting": "Abstimmung bearbeiten",
     "editVoteEndDatePopup-title": "Enddatum der Abstimmung ändern",
     "allowNonBoardMembers": "Alle eingeloggte Nutzer erlauben",
     "vote-question": "Abstimmen über",
@@ -233,7 +233,7 @@
     "close": "Schliessen",
     "close-board": "Board schliessen",
     "close-board-pop": "Sie können das Board wiederherstellen, indem Sie die Schaltfläche \"Archiv\" in der Kopfzeile der Startseite anklicken.",
-    "close-card": "Close Card",
+    "close-card": "Karte schliessen",
     "color-black": "schwarz",
     "color-blue": "blau",
     "color-crimson": "Karminrot",
@@ -358,11 +358,11 @@
     "export-board-excel": "Board nach Excel exportieren",
     "user-can-not-export-excel": "Benutzer kann nicht nach Excel exportieren",
     "export-board-html": "Board als HTML exportieren",
-    "export-card": "Export card",
-    "export-card-pdf": "Export card to PDF",
-    "user-can-not-export-card-to-pdf": "User can not export card to PDF",
+    "export-card": "Karte exportieren",
+    "export-card-pdf": "Karte als PDF exportieren",
+    "user-can-not-export-card-to-pdf": "Der Benutzer kann die Karte nicht als PDF exportieren",
     "exportBoardPopup-title": "Board exportieren",
-    "exportCardPopup-title": "Export card",
+    "exportCardPopup-title": "Karte exportieren",
     "sort": "Sortieren",
     "sort-desc": "Zum Sortieren der Liste klicken",
     "list-sort-by": "Sortieren der Liste nach:",
@@ -451,8 +451,8 @@
     "set-color-list": "Lege Farbe fest",
     "listActionPopup-title": "Listenaktionen",
     "settingsUserPopup-title": "Benutzereinstellungen",
-    "settingsTeamPopup-title": "Team Settings",
-    "settingsOrgPopup-title": "Organization Settings",
+    "settingsTeamPopup-title": "Team-Einstellungen",
+    "settingsOrgPopup-title": "Organisations-Einstellungen",
     "swimlaneActionPopup-title": "Swimlaneaktionen",
     "swimlaneAddPopup-title": "Swimlane unterhalb einfügen",
     "listImportCardPopup-title": "Eine Trello-Karte importieren",
@@ -668,7 +668,7 @@
     "setListColorPopup-title": "Farbe wählen",
     "assigned-by": "Zugewiesen von",
     "requested-by": "Angefordert von",
-    "card-sorting-by-number": "Card sorting by number",
+    "card-sorting-by-number": "Karten nach Nummer sortieren",
     "board-delete-notice": "Löschen kann nicht rückgängig gemacht werden. Sie werden alle Listen, Karten und Aktionen, die mit diesem Board verbunden sind, verlieren.",
     "delete-board-confirm-popup": "Alle Listen, Karten, Labels und Akivitäten werden gelöscht und Sie können die Inhalte des Boards nicht wiederherstellen! Die Aktion kann nicht rückgängig gemacht werden.",
     "boardDeletePopup-title": "Board löschen?",
@@ -850,8 +850,8 @@
     "act-duenow": "erinnernd an das aktuelle Fälligkeitszeitpunkt (__timeValue__) von __card__ ist jetzt",
     "act-atUserComment": "Sie wurden in [__board__] __list__/__card__ erwähnt",
     "delete-user-confirm-popup": "Sind Sie sicher, dass Sie diesen Account löschen wollen? Die Aktion kann nicht rückgängig gemacht werden.",
-    "delete-team-confirm-popup": "Are you sure you want to delete this team? There is no undo.",
-    "delete-org-confirm-popup": "Are you sure you want to delete this organization? There is no undo.",
+    "delete-team-confirm-popup": "Sind Sie sicher, dass Sie dieses Team löschen möchten? Es gibt kein Zurück!",
+    "delete-org-confirm-popup": "Sind Sie sicher, dass Sie diese Organisation löschen möchten? Es gibt kein Zurück!",
     "accounts-allowUserDelete": "Erlaube Benutzern ihren eigenen Account zu löschen",
     "hide-minicard-label-text": "Labeltext auf Minikarte ausblenden",
     "show-desktop-drag-handles": "Desktop-Ziehpunkte anzeigen",
@@ -1052,8 +1052,8 @@
     "Rotateplane": "Rotateplane Wait Spinner",
     "Scaleout": "Scaleout Wait Spinner",
     "Wave": "Wave Wait Spinner",
-    "maximize-card": "Maximize Card",
-    "minimize-card": "Minimize Card",
+    "maximize-card": "Karte maximieren",
+    "minimize-card": "Karte minimieren",
     "delete-org-warning-message": "Can not delete this organization, there is at least one user belongs to is",
     "delete-team-warning-message": "Can not delete this team, there is at least one user belongs to is"
 }

i18n/ru.i18n.json

@@ -358,11 +358,11 @@
     "export-board-excel": "Экспортировать доску в Excel",
     "user-can-not-export-excel": "Пользователь не может экспортировать в Excel",
     "export-board-html": "Экспортировать доску в HTML",
-    "export-card": "Export card",
-    "export-card-pdf": "Export card to PDF",
-    "user-can-not-export-card-to-pdf": "User can not export card to PDF",
+    "export-card": "Экспорт карточки",
+    "export-card-pdf": "Экспорт карточки в PDF",
+    "user-can-not-export-card-to-pdf": "Пользователь не может экспортировать карточку в PDF",
     "exportBoardPopup-title": "Экспортировать доску",
-    "exportCardPopup-title": "Export card",
+    "exportCardPopup-title": "Экспорт карточки",
     "sort": "Сортировать",
     "sort-desc": "Нажмите, чтобы отсортировать список",
     "list-sort-by": "Сортировать список по:",
@@ -1049,11 +1049,11 @@
     "Cube-Grid": "Сетка кубиков",
     "Dot": "Точки",
     "Double-Bounce": "Двойной прыгающий спинер ожидания",
-    "Rotateplane": "Rotateplane Wait Spinner",
-    "Scaleout": "Scaleout Wait Spinner",
-    "Wave": "Wave Wait Spinner",
-    "maximize-card": "Maximize Card",
-    "minimize-card": "Minimize Card",
+    "Rotateplane": "Врщающийся лист",
+    "Scaleout": "Увеличивающийся-уменьшающийся спиннер",
+    "Wave": "Волновой спиннер",
+    "maximize-card": "Максимизировать карточку",
+    "minimize-card": "Минимизировать карточку",
     "delete-org-warning-message": "Can not delete this organization, there is at least one user belongs to is",
     "delete-team-warning-message": "Can not delete this team, there is at least one user belongs to is"
 }

models/boards.js

@@ -1678,7 +1678,8 @@ if (Meteor.isServer) {
                     */
   JsonRoutes.add('GET', '/api/boards', function(req, res) {
     try {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       JsonRoutes.sendResult(res, {
         code: 200,
         data: Boards.find(
@@ -1852,7 +1853,8 @@ if (Meteor.isServer) {
    * @return_type string
    */
   JsonRoutes.add('PUT', '/api/boards/:boardId/labels', function(req, res) {
-    Authentication.checkUserId(req.userId);
+    const paramBoardId = req.params.boardId;
+    Authentication.checkBoardAccess(req.userId, paramBoardId);
     const id = req.params.boardId;
     try {
       if (req.body.hasOwnProperty('label')) {

models/cardComments.js

@@ -192,8 +192,8 @@ if (Meteor.isServer) {
     res,
   ) {
     try {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramCardId = req.params.cardId;
       JsonRoutes.sendResult(res, {
         code: 200,
@@ -230,8 +230,8 @@ if (Meteor.isServer) {
     '/api/boards/:boardId/cards/:cardId/comments/:commentId',
     function(req, res) {
       try {
-        Authentication.checkUserId(req.userId);
         const paramBoardId = req.params.boardId;
+        Authentication.checkBoardAccess(req.userId, paramBoardId);
         const paramCommentId = req.params.commentId;
         const paramCardId = req.params.cardId;
         JsonRoutes.sendResult(res, {
@@ -266,8 +266,8 @@ if (Meteor.isServer) {
     '/api/boards/:boardId/cards/:cardId/comments',
     function(req, res) {
       try {
-        Authentication.checkUserId(req.userId);
         const paramBoardId = req.params.boardId;
+        Authentication.checkBoardAccess(req.userId, paramBoardId);
         const paramCardId = req.params.cardId;
         const id = CardComments.direct.insert({
           userId: req.body.authorId,
@@ -312,8 +312,8 @@ if (Meteor.isServer) {
     '/api/boards/:boardId/cards/:cardId/comments/:commentId',
     function(req, res) {
       try {
-        Authentication.checkUserId(req.userId);
         const paramBoardId = req.params.boardId;
+        Authentication.checkBoardAccess(req.userId, paramBoardId);
         const paramCommentId = req.params.commentId;
         const paramCardId = req.params.cardId;
         CardComments.remove({

models/cards.js

@@ -3308,8 +3308,8 @@ if (Meteor.isServer) {
     'PUT',
     '/api/boards/:boardId/lists/:listId/cards/:cardId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramCardId = req.params.cardId;
       const paramListId = req.params.listId;
 
@@ -3666,8 +3666,8 @@ if (Meteor.isServer) {
     'DELETE',
     '/api/boards/:boardId/lists/:listId/cards/:cardId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramListId = req.params.listId;
       const paramCardId = req.params.cardId;
 

models/checklistItems.js

@@ -265,7 +265,8 @@ if (Meteor.isServer) {
     'GET',
     '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramItemId = req.params.itemId;
       const checklistItem = ChecklistItems.findOne({ _id: paramItemId });
       if (checklistItem) {
@@ -298,7 +299,8 @@ if (Meteor.isServer) {
     'PUT',
     '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
 
       const paramItemId = req.params.itemId;
 
@@ -349,7 +351,8 @@ if (Meteor.isServer) {
     'DELETE',
     '/api/boards/:boardId/cards/:cardId/checklists/:checklistId/items/:itemId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramItemId = req.params.itemId;
       ChecklistItems.direct.remove({ _id: paramItemId });
       JsonRoutes.sendResult(res, {

models/checklists.js

@@ -204,7 +204,8 @@ if (Meteor.isServer) {
     'GET',
     '/api/boards/:boardId/cards/:cardId/checklists',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramCardId = req.params.cardId;
       const checklists = Checklists.find({ cardId: paramCardId }).map(function(
         doc,
@@ -247,7 +248,8 @@ if (Meteor.isServer) {
     'GET',
     '/api/boards/:boardId/cards/:cardId/checklists/:checklistId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramChecklistId = req.params.checklistId;
       const paramCardId = req.params.cardId;
       const checklist = Checklists.findOne({
@@ -351,7 +353,8 @@ if (Meteor.isServer) {
     'DELETE',
     '/api/boards/:boardId/cards/:cardId/checklists/:checklistId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramChecklistId = req.params.checklistId;
       Checklists.remove({ _id: paramChecklistId });
       JsonRoutes.sendResult(res, {

models/customFields.js

@@ -294,8 +294,8 @@ if (Meteor.isServer) {
     req,
     res,
   ) {
-    Authentication.checkUserId(req.userId);
     const paramBoardId = req.params.boardId;
+    Authentication.checkBoardAccess(req.userId, paramBoardId);
     JsonRoutes.sendResult(res, {
       code: 200,
       data: CustomFields.find({ boardIds: { $in: [paramBoardId] } }).map(
@@ -323,8 +323,8 @@ if (Meteor.isServer) {
     'GET',
     '/api/boards/:boardId/custom-fields/:customFieldId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramCustomFieldId = req.params.customFieldId;
       JsonRoutes.sendResult(res, {
         code: 200,
@@ -353,8 +353,8 @@ if (Meteor.isServer) {
     req,
     res,
   ) {
-    Authentication.checkUserId(req.userId);
     const paramBoardId = req.params.boardId;
+    Authentication.checkBoardAccess(req.userId, paramBoardId);
     const board = Boards.findOne({ _id: paramBoardId });
     const id = CustomFields.direct.insert({
       name: req.body.name,
@@ -396,7 +396,8 @@ if (Meteor.isServer) {
     'PUT',
     '/api/boards/:boardId/custom-fields/:customFieldId',
     (req, res) => {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
 
       const paramFieldId = req.params.customFieldId;
 
@@ -461,7 +462,8 @@ if (Meteor.isServer) {
     'POST',
     '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items',
     (req, res) => {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
 
       const paramCustomFieldId = req.params.customFieldId;
       const paramItems = req.body.items;
@@ -504,7 +506,8 @@ if (Meteor.isServer) {
     'PUT',
     '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId',
     (req, res) => {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
 
       const paramDropdownItemId = req.params.dropdownItemId;
       const paramCustomFieldId = req.params.customFieldId;
@@ -545,7 +548,8 @@ if (Meteor.isServer) {
     'DELETE',
     '/api/boards/:boardId/custom-fields/:customFieldId/dropdown-items/:dropdownItemId',
     (req, res) => {
-      Authentication.checkUserId(req.userId);
+      const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
 
       paramCustomFieldId = req.params.customFieldId;
       paramDropdownItemId = req.params.dropdownItemId;
@@ -580,8 +584,8 @@ if (Meteor.isServer) {
     'DELETE',
     '/api/boards/:boardId/custom-fields/:customFieldId',
     function(req, res) {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const id = req.params.customFieldId;
       CustomFields.remove({ _id: id, boardIds: { $in: [paramBoardId] } });
       JsonRoutes.sendResult(res, {

models/lists.js

@@ -531,8 +531,8 @@ if (Meteor.isServer) {
    */
   JsonRoutes.add('POST', '/api/boards/:boardId/lists', function(req, res) {
     try {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const board = Boards.findOne(paramBoardId);
       const id = Lists.insert({
         title: req.body.title,
@@ -569,8 +569,8 @@ if (Meteor.isServer) {
     res,
   ) {
     try {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const paramListId = req.params.listId;
       Lists.remove({ _id: paramListId, boardId: paramBoardId });
       JsonRoutes.sendResult(res, {

models/swimlanes.js

@@ -454,8 +454,8 @@ if (Meteor.isServer) {
    */
   JsonRoutes.add('POST', '/api/boards/:boardId/swimlanes', function(req, res) {
     try {
-      Authentication.checkUserId(req.userId);
       const paramBoardId = req.params.boardId;
+      Authentication.checkBoardAccess(req.userId, paramBoardId);
       const board = Boards.findOne(paramBoardId);
       const id = Swimlanes.insert({
         title: req.body.title,

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "wekan",
-  "version": "v5.34.0",
+  "version": "v5.35.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "wekan",
-  "version": "v5.34.0",
+  "version": "v5.35.0",
   "description": "Open-Source kanban",
   "private": true,
   "repository": {

public/api/wekan.html

@@ -7,7 +7,7 @@
     <meta charset="utf-8">
     <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
-    <title>Wekan REST API v5.34</title>
+    <title>Wekan REST API v5.35</title>
 
     <style>
     </style>
@@ -1553,7 +1553,7 @@ var n=this.pipeline.run(e.tokenizer(t)),r=new e.Vector,i=[],o=this._fields.reduc
 	  	<ul class="toc-list-h1">
         
           <li>
-            <a href="#wekan-rest-api" class="toc-h1 toc-link" data-title="Wekan REST API v5.34">Wekan REST API v5.34</a>
+            <a href="#wekan-rest-api" class="toc-h1 toc-link" data-title="Wekan REST API v5.35">Wekan REST API v5.35</a>
             
           </li>
         
@@ -2116,7 +2116,7 @@ var n=this.pipeline.run(e.tokenizer(t)),r=new e.Vector,i=[],o=this._fields.reduc
     <div class="page-wrapper">
       <div class="dark-box"></div>
       <div class="content">
-        <h1 id="wekan-rest-api">Wekan REST API v5.34</h1>
+        <h1 id="wekan-rest-api">Wekan REST API v5.35</h1>
 <blockquote>
 <p>Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.</p>
 </blockquote>
@@ -16000,6 +16000,7 @@ System.out.println(response.toString());
     <span class="hljs-attr">&quot;fullname&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
     <span class="hljs-attr">&quot;showDesktopDragHandles&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hideCheckedItems&quot;</span>: <span class="hljs-literal">true</span>,
+    <span class="hljs-attr">&quot;cardMaximized&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenSystemMessages&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenMinicardLabelText&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;initials&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
@@ -16752,6 +16753,7 @@ System.out.println(response.toString());
     <span class="hljs-attr">&quot;fullname&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
     <span class="hljs-attr">&quot;showDesktopDragHandles&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hideCheckedItems&quot;</span>: <span class="hljs-literal">true</span>,
+    <span class="hljs-attr">&quot;cardMaximized&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenSystemMessages&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenMinicardLabelText&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;initials&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
@@ -20783,6 +20785,7 @@ UserSecurity
     <span class="hljs-attr">&quot;fullname&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
     <span class="hljs-attr">&quot;showDesktopDragHandles&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hideCheckedItems&quot;</span>: <span class="hljs-literal">true</span>,
+    <span class="hljs-attr">&quot;cardMaximized&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenSystemMessages&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;hiddenMinicardLabelText&quot;</span>: <span class="hljs-literal">true</span>,
     <span class="hljs-attr">&quot;initials&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
@@ -20957,6 +20960,7 @@ UserSecurity
   <span class="hljs-attr">&quot;fullname&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
   <span class="hljs-attr">&quot;showDesktopDragHandles&quot;</span>: <span class="hljs-literal">true</span>,
   <span class="hljs-attr">&quot;hideCheckedItems&quot;</span>: <span class="hljs-literal">true</span>,
+  <span class="hljs-attr">&quot;cardMaximized&quot;</span>: <span class="hljs-literal">true</span>,
   <span class="hljs-attr">&quot;hiddenSystemMessages&quot;</span>: <span class="hljs-literal">true</span>,
   <span class="hljs-attr">&quot;hiddenMinicardLabelText&quot;</span>: <span class="hljs-literal">true</span>,
   <span class="hljs-attr">&quot;initials&quot;</span>: <span class="hljs-string">&quot;string&quot;</span>,
@@ -21023,7 +21027,7 @@ UserSecurity
 <td>boolean</td>
 <td>false</td>
 <td>none</td>
-<td>does the user want to hide system messages?</td>
+<td>does the user want to show desktop drag handles?</td>
 </tr>
 <tr>
 <td>hideCheckedItems</td>
@@ -21033,6 +21037,13 @@ UserSecurity
 <td>does the user want to hide checked checklist items?</td>
 </tr>
 <tr>
+<td>cardMaximized</td>
+<td>boolean</td>
+<td>false</td>
+<td>none</td>
+<td>has user clicked maximize card?</td>
+</tr>
+<tr>
 <td>hiddenSystemMessages</td>
 <td>boolean</td>
 <td>false</td>

public/api/wekan.yml

@@ -1,7 +1,7 @@
 swagger: '2.0'
 info:
   title: Wekan REST API
-  version: v5.34
+  version: v5.35
   description: |
     The REST API allows you to control and extend Wekan with ease.
 
@@ -3841,12 +3841,16 @@ definitions:
         type: string
       showDesktopDragHandles:
         description: |
-           does the user want to hide system messages?
+           does the user want to show desktop drag handles?
         type: boolean
       hideCheckedItems:
         description: |
            does the user want to hide checked checklist items?
         type: boolean
+      cardMaximized:
+        description: |
+           has user clicked maximize card?
+        type: boolean
       hiddenSystemMessages:
         description: |
            does the user want to hide system messages?

sandstorm-pkgdef.capnp

@@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
     appTitle = (defaultText = "Wekan"),
     # The name of the app as it is displayed to the user.
 
-    appVersion = 534,
+    appVersion = 535,
     # Increment this for every release.
 
-    appMarketingVersion = (defaultText = "5.34.0~2021-06-11"),
+    appMarketingVersion = (defaultText = "5.35.0~2021-06-14"),
     # Human-readable presentation of the app version.
 
     minUpgradableAppVersion = 0,

snapcraft.yaml

@@ -1,5 +1,5 @@
 name: wekan
-version: '5.34'
+version: '5.35'
 summary: The open-source kanban
 description: |
    Wekan is an open-source and collaborative kanban board application.