diff options
Diffstat (limited to 'models/boards.js')
-rw-r--r-- | models/boards.js | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/models/boards.js b/models/boards.js index 641ecdb9..52d0ca87 100644 --- a/models/boards.js +++ b/models/boards.js @@ -541,11 +541,10 @@ Boards.mutations({ }; }, - setMemberPermission(memberId, isAdmin, isNoComments, isCommentOnly) { + setMemberPermission(memberId, isAdmin, isNoComments, isCommentOnly, currentUserId = Meteor.userId()) { const memberIndex = this.memberIndex(memberId); - // do not allow change permission of self - if (memberId === Meteor.userId()) { + if (memberId === currentUserId) { isAdmin = this.members[memberIndex].isAdmin; } @@ -927,4 +926,29 @@ if (Meteor.isServer) { }); } }); + + JsonRoutes.add('POST', '/api/boards/:boardId/members/:memberId', function (req, res) { + try { + const boardId = req.params.boardId; + const memberId = req.params.memberId; + const {isAdmin, isNoComments, isCommentOnly} = req.body; + Authentication.checkBoardAccess(req.userId, boardId); + const board = Boards.findOne({ _id: boardId }); + function isTrue(data){ + return data.toLowerCase() === 'true'; + } + board.setMemberPermission(memberId, isTrue(isAdmin), isTrue(isNoComments), isTrue(isCommentOnly), req.userId); + + JsonRoutes.sendResult(res, { + code: 200, + data: query, + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); } |