diff options
Diffstat (limited to 'models/boards.js')
-rw-r--r-- | models/boards.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/models/boards.js b/models/boards.js index 9cbb5b63..879dde84 100644 --- a/models/boards.js +++ b/models/boards.js @@ -557,6 +557,7 @@ if (Meteor.isServer) { //BOARDS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards', function (req, res, next) { + Authentication.checkUserId(req.userId); JsonRoutes.sendResult(res, { code: 200, data: Boards.find({ permission: 'public' }).map(function (doc) { @@ -569,6 +570,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; JsonRoutes.sendResult(res, { code: 200, @@ -577,6 +579,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = Boards.insert({ title: req.body.title, members: [ @@ -599,6 +602,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; Boards.remove({ _id: id }); JsonRoutes.sendResult(res, { |