summaryrefslogtreecommitdiffstats
path: root/models/cards.js
diff options
context:
space:
mode:
authorzago <arnaud.zago@gmail.com>2017-07-07 11:11:38 +0200
committerzago <arnaud.zago@gmail.com>2017-07-07 11:11:38 +0200
commitcac82e4330bd78bef0870040936d92191e7a8cea (patch)
tree597a4426bcf7fcdc11431b582ec151a6a2a4d4f9 /models/cards.js
parentafc30226ac3bb0430a80a8607f5abf4a88551b8a (diff)
downloadwekan-cac82e4330bd78bef0870040936d92191e7a8cea.tar.gz
wekan-cac82e4330bd78bef0870040936d92191e7a8cea.tar.bz2
wekan-cac82e4330bd78bef0870040936d92191e7a8cea.zip
checking the authorId when adding card
Diffstat (limited to 'models/cards.js')
-rw-r--r--models/cards.js37
1 files changed, 22 insertions, 15 deletions
diff --git a/models/cards.js b/models/cards.js
index 415c3bde..64b9c3db 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -403,21 +403,28 @@ if (Meteor.isServer) {
Authentication.checkUserId( req.userId);
const paramBoardId = req.params.boardId;
const paramListId = req.params.listId;
- const id = Cards.insert({
- title: req.body.title,
- boardId: paramBoardId,
- listId: paramListId,
- description: req.body.description,
- userId : req.body.authorId,
- sort: 0,
- members:[ req.body.authorId ],
- });
- JsonRoutes.sendResult(res, {
- code: 200,
- data: {
- _id: id,
- },
- });
+ const check = Users.findOne({_id:req.body.authorId});
+ if(typeof check !== 'undefined') {
+ const id = Cards.insert({
+ title: req.body.title,
+ boardId: paramBoardId,
+ listId: paramListId,
+ description: req.body.description,
+ userId: req.body.authorId,
+ sort: 0,
+ members: [req.body.authorId],
+ });
+ JsonRoutes.sendResult(res, {
+ code: 200,
+ data: {
+ _id: id,
+ },
+ });
+ }else{
+ JsonRoutes.sendResult(res, {
+ code: 401,
+ });
+ }
});
JsonRoutes.add('PUT', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) {