author | Romulus Urakagi Tsai <urakagi@gmail.com> | 2020-02-13 09:02:26 +0000 |
---|---|---|
committer | Romulus Urakagi Tsai <urakagi@gmail.com> | 2020-02-13 09:02:26 +0000 |
commit | 4b196d537896f39fb76090020cb5851a699546eb (patch) | |
tree | 28e2e025ce90645ed360bb8c26ab39e6f40214e4 /models/checklists.js | |
parent | b34ed58289a3dae5838d3b621260938a3ecf52d5 (diff) | |
parent | 3fcde252f705f9527f7190517082a047714a4eec (diff) | |
Merge branch 'master' of https://github.com/wekan/wekan into lib-change
Diffstat (limited to 'models/checklists.js')
-rw-r--r-- | models/checklists.js | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/models/checklists.js b/models/checklists.js
index 3b50cda6..cf73e500 100644
--- a/models/checklists.js
+++ b/models/checklists.js
@@ -283,8 +283,15 @@ if (Meteor.isServer) {
 'POST',
 '/api/boards/:boardId/cards/:cardId/checklists',
 function(req, res) {
- Authentication.checkUserId(req.userId);
-
+ // Check user is logged in
+ Authentication.checkLoggedIn(req.userId);
+ const paramBoardId = req.params.boardId;
+ // Check user has permission to add checklist to the card
+ const board = Boards.findOne({
+ _id: paramBoardId,
+ });
+ const addPermission = allowIsBoardMemberCommentOnly(req.userId, board);
+ Authentication.checkAdminOrCondition(req.userId, addPermission);
 const paramCardId = req.params.cardId;
 const id = Checklists.insert({
 title: req.body.title, |
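Review bot: The new permission check is made against the board named by `req.params.boardId`, but the `Checklists.insert` that follows keys on `req.params.cardId`, and nothing in the visible lines confirms that this card belongs to that board, so membership of one board could authorize a write to a card on another. Resolve the card with both ids before inserting, e.g. `const card = Cards.findOne({ _id: paramCardId, boardId: paramBoardId });` (assuming cards store their board id in `boardId`), and return an error when it is not found. `Boards.findOne` also returns `undefined` for an unknown board id, and whether `allowIsBoardMemberCommentOnly` tolerates that is not visible here, so an explicit not-found branch would be safer. The handler body continues outside the hunk, so a later check may already cover part of this.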