summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorRobert Lebedeu <robert.lebedeu@mynet.it>2019-12-17 12:15:06 +0100
committerRobert Lebedeu <robert.lebedeu@mynet.it>2019-12-17 12:15:06 +0100
commit40c70c439d3d6ac5a9affe52d386201e7da865b9 (patch)
tree434bb2c750d982ac61f98e0637da2be9a95ba7f7 /models
parent2c4d3fa317db1d271e0e3467b0c1092a3e492631 (diff)
downloadwekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.tar.gz
wekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.tar.bz2
wekan-40c70c439d3d6ac5a9affe52d386201e7da865b9.zip
Allow card creation for board members
- Only for members with card add permission
Diffstat (limited to 'models')
-rw-r--r--models/cards.js9
1 files changed, 8 insertions, 1 deletions
diff --git a/models/cards.js b/models/cards.js
index 816132fe..496c69b3 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -2003,8 +2003,15 @@ if (Meteor.isServer) {
req,
res,
) {
- Authentication.checkUserId(req.userId);
+ // Check user is logged in
+ Authentication.checkLoggedIn(req.userId);
const paramBoardId = req.params.boardId;
+ // Check user has permission to add card to the board
+ const board = Boards.findOne({
+ _id: paramBoardId
+ });
+ const addPermission = allowIsBoardMemberCommentOnly(req.userId, board);
+ Authentication.checkAdminOrCondition(req.userId, addPermission);
const paramListId = req.params.listId;
const paramParentId = req.params.parentId;
const currentCards = Cards.find(