diff options
author | mayjs <johannes.may@udo.edu> | 2017-05-16 10:52:55 +0200 |
---|---|---|
committer | mayjs <johannes.may@udo.edu> | 2017-05-16 10:52:55 +0200 |
commit | 058aabff68ceb822edb74248f1263da6590cbe1e (patch) | |
tree | bcf513b5cb31eedfd55266a2ac37a107aeac74a0 | |
parent | 4ff906bd7b18d279d93b6c82c722c14c0c8d1f3a (diff) | |
download | wekan-058aabff68ceb822edb74248f1263da6590cbe1e.tar.gz wekan-058aabff68ceb822edb74248f1263da6590cbe1e.tar.bz2 wekan-058aabff68ceb822edb74248f1263da6590cbe1e.zip |
Implemented the change of /api/user/boards as proposed by huneau
-rw-r--r-- | models/boards.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/models/boards.js b/models/boards.js index 366a680a..5908dee9 100644 --- a/models/boards.js +++ b/models/boards.js @@ -556,8 +556,12 @@ if (Meteor.isServer) { //BOARDS REST API if (Meteor.isServer) { - JsonRoutes.add('GET', '/api/user/boards', function (req, res, next) { + JsonRoutes.add('GET', '/api/user/:userId/boards', function (req, res, next) { Authentication.checkLoggedIn(req.userId); + const paramUserId = req.params.userId; + // A normal user should be able to see their own boards, + // admins can access boards of any user + Authentication.checkAdminOrCondition(req.userId, req.userId === paramUserId); const data = Boards.find({ archived: false, |