diff options
author | huneau romain <huneau.romain@gmail.com> | 2017-05-11 12:15:02 +0200 |
---|---|---|
committer | huneau romain <huneau.romain@gmail.com> | 2017-05-11 12:15:02 +0200 |
commit | b5271e5346cde2563d36c64a300729e27336a86b (patch) | |
tree | 98d29cf0deeaeb8a6d337c8dff4b8cf9268541c6 /models/checklists.js | |
parent | 548172949aaaea054f203d5fdc3286c90c5ae8e1 (diff) | |
download | wekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.gz wekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.bz2 wekan-b5271e5346cde2563d36c64a300729e27336a86b.zip |
add token authentication, only admin can use api
Diffstat (limited to 'models/checklists.js')
-rw-r--r-- | models/checklists.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/models/checklists.js b/models/checklists.js index 4bb580c3..537aecb0 100644 --- a/models/checklists.js +++ b/models/checklists.js @@ -177,6 +177,7 @@ if (Meteor.isServer) { //CARD COMMENT REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { code: 200, @@ -190,6 +191,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramChecklistId = req.params.checklistId; const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { @@ -199,6 +201,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCardId = req.params.cardId; const checklistToSend = {}; @@ -221,6 +224,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; Checklists.remove({ _id: paramCommentId, cardId: paramCardId }); |