diff options
author | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
---|---|---|
committer | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
commit | 1e8d9f02f32a83bc3514330be53f7bd21156142b (patch) | |
tree | d50981489b79cdb2e1078b9b1488f57d5f176371 | |
parent | 95e2025ff9ac07644175689b873749fc2087eef2 (diff) | |
download | wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.gz wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.bz2 wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.zip |
Extracted board access check function
-rw-r--r-- | models/boards.js | 5 | ||||
-rw-r--r-- | server/authentication.js | 9 |
2 files changed, 10 insertions, 4 deletions
diff --git a/models/boards.js b/models/boards.js index 3778963f..57493fd3 100644 --- a/models/boards.js +++ b/models/boards.js @@ -588,11 +588,8 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) { - Authentication.checkLoggedIn( req.userId); const id = req.params.id; - const board = Boards.findOne({ _id: id }); - const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId); - Authentication.checkAdminOrCondition(req.userId, normalAccess); + Authentication.checkBoardAccess( req.userId, id); JsonRoutes.sendResult(res, { code: 200, diff --git a/server/authentication.js b/server/authentication.js index a67b64aa..14e9d1c4 100644 --- a/server/authentication.js +++ b/server/authentication.js @@ -39,5 +39,14 @@ Meteor.startup(() => { } } + // Helper function. Will throw an error if the user does not have read only access to the given board + Authentication.checkBoardAccess = function(userId, boardId) { + Authentication.checkLoggedIn(userId); + + const board = Boards.findOne({ _id: boardId }); + const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId); + Authentication.checkAdminOrCondition(userId, normalAccess); + } + }); |