diff options
Diffstat (limited to 'models/cards.js')
| -rw-r--r-- | models/cards.js | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/models/cards.js b/models/cards.js index 86d22c53..fac8922c 100644 --- a/models/cards.js +++ b/models/cards.js @@ -205,7 +205,8 @@ Cards.attachSchema( }, assignees: { /** - * who assignees of the card (user IDs) + * who is assignee of the card (user ID), + * maximum one ID of assignee in array. */ type: [String], optional: true, @@ -1996,15 +1997,22 @@ if (Meteor.isServer) { * @param {string} description the description of the new card * @param {string} swimlaneId the swimlane ID of the new card * @param {string} [members] the member IDs list of the new card - * @param {string} [assignees] the assignee IDs list of the new card + * @param {string} [assignees] the array of maximum one ID of assignee of the new card * @return_type {_id: string} */ JsonRoutes.add('POST', '/api/boards/:boardId/lists/:listId/cards', function( req, res, ) { - Authentication.checkUserId(req.userId); + // Check user is logged in + Authentication.checkLoggedIn(req.userId); const paramBoardId = req.params.boardId; + // Check user has permission to add card to the board + const board = Boards.findOne({ + _id: paramBoardId, + }); + const addPermission = allowIsBoardMemberCommentOnly(req.userId, board); + Authentication.checkAdminOrCondition(req.userId, addPermission); const paramListId = req.params.listId; const paramParentId = req.params.parentId; const currentCards = Cards.find( @@ -2082,7 +2090,7 @@ if (Meteor.isServer) { * @param {string} [labelIds] the new list of label IDs attached to the card * @param {string} [swimlaneId] the new swimlane ID of the card * @param {string} [members] the new list of member IDs attached to the card - * @param {string} [assignees] the new list of assignee IDs attached to the card + * @param {string} [assignees] the array of maximum one ID of assignee attached to the card * @param {string} [requestedBy] the new requestedBy field of the card * @param {string} [assignedBy] the new assignedBy field of the card * @param {string} [receivedAt] the new receivedAt field of the card |