summaryrefslogtreecommitdiffstats
path: root/models/checklists.js
diff options
context:
space:
mode:
authorhuneau romain <huneau.romain@gmail.com>2017-05-11 12:15:02 +0200
committerhuneau romain <huneau.romain@gmail.com>2017-05-11 12:15:02 +0200
commitb5271e5346cde2563d36c64a300729e27336a86b (patch)
tree98d29cf0deeaeb8a6d337c8dff4b8cf9268541c6 /models/checklists.js
parent548172949aaaea054f203d5fdc3286c90c5ae8e1 (diff)
downloadwekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.gz
wekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.bz2
wekan-b5271e5346cde2563d36c64a300729e27336a86b.zip
add token authentication, only admin can use api
Diffstat (limited to 'models/checklists.js')
-rw-r--r--models/checklists.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/models/checklists.js b/models/checklists.js
index 4bb580c3..537aecb0 100644
--- a/models/checklists.js
+++ b/models/checklists.js
@@ -177,6 +177,7 @@ if (Meteor.isServer) {
//CARD COMMENT REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const paramCardId = req.params.cardId;
JsonRoutes.sendResult(res, {
code: 200,
@@ -190,6 +191,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const paramChecklistId = req.params.checklistId;
const paramCardId = req.params.cardId;
JsonRoutes.sendResult(res, {
@@ -199,6 +201,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('POST', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const paramCardId = req.params.cardId;
const checklistToSend = {};
@@ -221,6 +224,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('DELETE', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const paramCommentId = req.params.commentId;
const paramCardId = req.params.cardId;
Checklists.remove({ _id: paramCommentId, cardId: paramCardId });