diff options
author | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
---|---|---|
committer | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
commit | 1e8d9f02f32a83bc3514330be53f7bd21156142b (patch) | |
tree | d50981489b79cdb2e1078b9b1488f57d5f176371 /models/boards.js | |
parent | 95e2025ff9ac07644175689b873749fc2087eef2 (diff) | |
download | wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.gz wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.bz2 wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.zip |
Extracted board access check function
Diffstat (limited to 'models/boards.js')
-rw-r--r-- | models/boards.js | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/models/boards.js b/models/boards.js index 3778963f..57493fd3 100644 --- a/models/boards.js +++ b/models/boards.js @@ -588,11 +588,8 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) { - Authentication.checkLoggedIn( req.userId); const id = req.params.id; - const board = Boards.findOne({ _id: id }); - const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId); - Authentication.checkAdminOrCondition(req.userId, normalAccess); + Authentication.checkBoardAccess( req.userId, id); JsonRoutes.sendResult(res, { code: 200, |