diff options
author | mayjs <johannes.may@udo.edu> | 2017-05-15 21:41:21 +0200 |
---|---|---|
committer | mayjs <johannes.may@udo.edu> | 2017-05-15 21:41:21 +0200 |
commit | c59891d44b09af1ed2112b1f524046376167dbed (patch) | |
tree | f8120a09eec9c0310811fbd70603ac50f652393e /models | |
parent | cb99fc582ef50a4b6dfbbabdcf93998bc1478496 (diff) | |
download | wekan-c59891d44b09af1ed2112b1f524046376167dbed.tar.gz wekan-c59891d44b09af1ed2112b1f524046376167dbed.tar.bz2 wekan-c59891d44b09af1ed2112b1f524046376167dbed.zip |
Added readonly user access to cards
Diffstat (limited to 'models')
-rw-r--r-- | models/cards.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/models/cards.js b/models/cards.js index bbe46b55..c48b4845 100644 --- a/models/cards.js +++ b/models/cards.js @@ -373,9 +373,9 @@ if (Meteor.isServer) { //LISTS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards', function (req, res, next) { - Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; + Authentication.checkBoardAccess( req.userId, paramBoardId); JsonRoutes.sendResult(res, { code: 200, data: Cards.find({ boardId: paramBoardId, listId: paramListId, archived: false }).map(function (doc) { @@ -389,10 +389,10 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) { - Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; const paramCardId = req.params.cardId; + Authentication.checkBoardAccess( req.userId, paramBoardId); JsonRoutes.sendResult(res, { code: 200, data: Cards.findOne({ _id: paramCardId, listId: paramListId, boardId: paramBoardId, archived: false }), |