diff options
author | Robert Lebedeu <robert.lebedeu@mynet.it> | 2019-12-17 12:15:06 +0100 |
---|---|---|
committer | Robert Lebedeu <robert.lebedeu@mynet.it> | 2019-12-17 12:15:06 +0100 |
commit | 40c70c439d3d6ac5a9affe52d386201e7da865b9 (patch) | |
tree | 434bb2c750d982ac61f98e0637da2be9a95ba7f7 /models | |
parent | 2c4d3fa317db1d271e0e3467b0c1092a3e492631 (diff) | |
download | wekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.tar.gz wekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.tar.bz2 wekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.zip |
Allow card creation for board members
- Only for members with card add permission
Diffstat (limited to 'models')
-rw-r--r-- | models/cards.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/models/cards.js b/models/cards.js index 816132fe..496c69b3 100644 --- a/models/cards.js +++ b/models/cards.js @@ -2003,8 +2003,15 @@ if (Meteor.isServer) { req, res, ) { - Authentication.checkUserId(req.userId); + // Check user is logged in + Authentication.checkLoggedIn(req.userId); const paramBoardId = req.params.boardId; + // Check user has permission to add card to the board + const board = Boards.findOne({ + _id: paramBoardId + }); + const addPermission = allowIsBoardMemberCommentOnly(req.userId, board); + Authentication.checkAdminOrCondition(req.userId, addPermission); const paramListId = req.params.listId; const paramParentId = req.params.parentId; const currentCards = Cards.find( |