diff options
author | zago <arnaud.zago@gmail.com> | 2017-07-07 11:11:38 +0200 |
---|---|---|
committer | zago <arnaud.zago@gmail.com> | 2017-07-07 11:11:38 +0200 |
commit | cac82e4330bd78bef0870040936d92191e7a8cea (patch) | |
tree | 597a4426bcf7fcdc11431b582ec151a6a2a4d4f9 /models/cards.js | |
parent | afc30226ac3bb0430a80a8607f5abf4a88551b8a (diff) | |
download | wekan-cac82e4330bd78bef0870040936d92191e7a8cea.tar.gz wekan-cac82e4330bd78bef0870040936d92191e7a8cea.tar.bz2 wekan-cac82e4330bd78bef0870040936d92191e7a8cea.zip |
checking the authorId when adding card
Diffstat (limited to 'models/cards.js')
-rw-r--r-- | models/cards.js | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/models/cards.js b/models/cards.js index 415c3bde..64b9c3db 100644 --- a/models/cards.js +++ b/models/cards.js @@ -403,21 +403,28 @@ if (Meteor.isServer) { Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; - const id = Cards.insert({ - title: req.body.title, - boardId: paramBoardId, - listId: paramListId, - description: req.body.description, - userId : req.body.authorId, - sort: 0, - members:[ req.body.authorId ], - }); - JsonRoutes.sendResult(res, { - code: 200, - data: { - _id: id, - }, - }); + const check = Users.findOne({_id:req.body.authorId}); + if(typeof check !== 'undefined') { + const id = Cards.insert({ + title: req.body.title, + boardId: paramBoardId, + listId: paramListId, + description: req.body.description, + userId: req.body.authorId, + sort: 0, + members: [req.body.authorId], + }); + JsonRoutes.sendResult(res, { + code: 200, + data: { + _id: id, + }, + }); + }else{ + JsonRoutes.sendResult(res, { + code: 401, + }); + } }); JsonRoutes.add('PUT', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) { |