
Changed GET /api/boards/:id to allow access by the normally also allowed users.

mayjs 8 years ago
parent
commit
95e2025ff9
1 changed files with 5 additions and 2 deletions
  1. 5 2
      models/boards.js

+ 5 - 2
models/boards.js

@@ -557,7 +557,6 @@ if (Meteor.isServer) {
 //BOARDS REST API
 if (Meteor.isServer) {
   JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) {
-    // TODO: This should be changed to be less restrictive!
     Authentication.checkLoggedIn(req.userId);
 
     const data = Boards.find({
@@ -589,8 +588,12 @@ if (Meteor.isServer) {
   });
 
   JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
-    Authentication.checkUserId( req.userId);
+    Authentication.checkLoggedIn( req.userId);
     const id = req.params.id;
+    const board = Boards.findOne({ _id: id });
+    const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
+    Authentication.checkAdminOrCondition(req.userId, normalAccess);
+
     JsonRoutes.sendResult(res, {
       code: 200,
       data: Boards.findOne({ _id: id }),
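Review bot: `board` is dereferenced on the `normalAccess` line without a check, so a request for an id that matches no board makes `Boards.findOne` return undefined and `board.permission` throws before `Authentication.checkAdminOrCondition` runs. Add a guard right after the lookup, e.g. `if (!board) { JsonRoutes.sendResult(res, { code: 404 }); return; }`, or send the same refusal as for a forbidden board if ids should not be enumerable, so the unknown-id case gets a deliberate response rather than an unhandled exception. The response then calls `Boards.findOne({ _id: id })` a second time; passing `data: board` would return exactly the document the access decision was made on. It is also worth confirming that member entries really carry the user id in `_id` and whether deactivated members should still count, since neither is visible in this hunk. The route callback closes outside the hunk.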