summaryrefslogtreecommitdiffstats
path: root/models/users.js
diff options
context:
space:
mode:
authorhuneau romain <huneau.romain@gmail.com>2017-05-11 12:15:02 +0200
committerhuneau romain <huneau.romain@gmail.com>2017-05-11 12:15:02 +0200
commitb5271e5346cde2563d36c64a300729e27336a86b (patch)
tree98d29cf0deeaeb8a6d337c8dff4b8cf9268541c6 /models/users.js
parent548172949aaaea054f203d5fdc3286c90c5ae8e1 (diff)
downloadwekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.gz
wekan-b5271e5346cde2563d36c64a300729e27336a86b.tar.bz2
wekan-b5271e5346cde2563d36c64a300729e27336a86b.zip
add token authentication, only admin can use api
Diffstat (limited to 'models/users.js')
-rw-r--r--models/users.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/models/users.js b/models/users.js
index c1ce146a..aa870dca 100644
--- a/models/users.js
+++ b/models/users.js
@@ -528,6 +528,7 @@ if (Meteor.isServer) {
// USERS REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/users', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
JsonRoutes.sendResult(res, {
code: 200,
data: Meteor.users.find({}).map(function (doc) {
@@ -536,6 +537,7 @@ if (Meteor.isServer) {
});
});
JsonRoutes.add('GET', '/api/users/:id', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = req.params.id;
JsonRoutes.sendResult(res, {
code: 200,
@@ -543,6 +545,7 @@ if (Meteor.isServer) {
});
});
JsonRoutes.add('POST', '/api/users/', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = Accounts.createUser({
username: req.body.username,
email: req.body.email,
@@ -558,6 +561,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('DELETE', '/api/users/:id', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = req.params.id;
Meteor.users.remove({ _id: id });
JsonRoutes.sendResult(res, {