summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormayjs <johannes.may@udo.edu>2017-05-15 21:41:21 +0200
committermayjs <johannes.may@udo.edu>2017-05-15 21:41:21 +0200
commitc59891d44b09af1ed2112b1f524046376167dbed (patch)
treef8120a09eec9c0310811fbd70603ac50f652393e
parentcb99fc582ef50a4b6dfbbabdcf93998bc1478496 (diff)
downloadwekan-c59891d44b09af1ed2112b1f524046376167dbed.tar.gz
wekan-c59891d44b09af1ed2112b1f524046376167dbed.tar.bz2
wekan-c59891d44b09af1ed2112b1f524046376167dbed.zip
Added readonly user access to cards
-rw-r--r--models/cards.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/models/cards.js b/models/cards.js
index bbe46b55..c48b4845 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -373,9 +373,9 @@ if (Meteor.isServer) {
//LISTS REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards', function (req, res, next) {
- Authentication.checkUserId( req.userId);
const paramBoardId = req.params.boardId;
const paramListId = req.params.listId;
+ Authentication.checkBoardAccess( req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.find({ boardId: paramBoardId, listId: paramListId, archived: false }).map(function (doc) {
@@ -389,10 +389,10 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) {
- Authentication.checkUserId( req.userId);
const paramBoardId = req.params.boardId;
const paramListId = req.params.listId;
const paramCardId = req.params.cardId;
+ Authentication.checkBoardAccess( req.userId, paramBoardId);
JsonRoutes.sendResult(res, {
code: 200,
data: Cards.findOne({ _id: paramCardId, listId: paramListId, boardId: paramBoardId, archived: false }),