diff options
Diffstat (limited to 'models')
-rw-r--r-- | models/boards.js | 4 | ||||
-rw-r--r-- | models/cardComments.js | 4 | ||||
-rw-r--r-- | models/cards.js | 4 | ||||
-rw-r--r-- | models/checklists.js | 4 | ||||
-rw-r--r-- | models/lists.js | 4 | ||||
-rw-r--r-- | models/users.js | 4 |
6 files changed, 24 insertions, 0 deletions
diff --git a/models/boards.js b/models/boards.js index 9cbb5b63..879dde84 100644 --- a/models/boards.js +++ b/models/boards.js @@ -557,6 +557,7 @@ if (Meteor.isServer) { //BOARDS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards', function (req, res, next) { + Authentication.checkUserId(req.userId); JsonRoutes.sendResult(res, { code: 200, data: Boards.find({ permission: 'public' }).map(function (doc) { @@ -569,6 +570,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; JsonRoutes.sendResult(res, { code: 200, @@ -577,6 +579,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = Boards.insert({ title: req.body.title, members: [ @@ -599,6 +602,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; Boards.remove({ _id: id }); JsonRoutes.sendResult(res, { diff --git a/models/cardComments.js b/models/cardComments.js index 64af4433..e51275a4 100644 --- a/models/cardComments.js +++ b/models/cardComments.js @@ -84,6 +84,7 @@ if (Meteor.isServer) { //CARD COMMENT REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/comments', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { @@ -99,6 +100,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/comments/:commentId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; @@ -109,6 +111,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards/:boardId/cards/:cardId/comments', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramCardId = req.params.cardId; const id = CardComments.insert({ @@ -126,6 +129,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:boardId/cards/:cardId/comments/:commentId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; diff --git a/models/cards.js b/models/cards.js index 2d585825..bbe46b55 100644 --- a/models/cards.js +++ b/models/cards.js @@ -373,6 +373,7 @@ if (Meteor.isServer) { //LISTS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; JsonRoutes.sendResult(res, { @@ -388,6 +389,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; const paramCardId = req.params.cardId; @@ -398,6 +400,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards/:boardId/lists/:listId/cards', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; const id = Cards.insert({ @@ -418,6 +421,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; const paramCardId = req.params.cardId; diff --git a/models/checklists.js b/models/checklists.js index 4bb580c3..537aecb0 100644 --- a/models/checklists.js +++ b/models/checklists.js @@ -177,6 +177,7 @@ if (Meteor.isServer) { //CARD COMMENT REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { code: 200, @@ -190,6 +191,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramChecklistId = req.params.checklistId; const paramCardId = req.params.cardId; JsonRoutes.sendResult(res, { @@ -199,6 +201,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards/:boardId/cards/:cardId/checklists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCardId = req.params.cardId; const checklistToSend = {}; @@ -221,6 +224,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:boardId/cards/:cardId/checklists/:checklistId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramCommentId = req.params.commentId; const paramCardId = req.params.cardId; Checklists.remove({ _id: paramCommentId, cardId: paramCardId }); diff --git a/models/lists.js b/models/lists.js index a10e23b6..7dbdc9f2 100644 --- a/models/lists.js +++ b/models/lists.js @@ -132,6 +132,7 @@ if (Meteor.isServer) { //LISTS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/boards/:boardId/lists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; JsonRoutes.sendResult(res, { code: 200, @@ -145,6 +146,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('GET', '/api/boards/:boardId/lists/:listId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; JsonRoutes.sendResult(res, { @@ -154,6 +156,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('POST', '/api/boards/:boardId/lists', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const id = Lists.insert({ title: req.body.title, @@ -168,6 +171,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/boards/:boardId/lists/:listId', function (req, res, next) { + Authentication.checkUserId( req.userId); const paramBoardId = req.params.boardId; const paramListId = req.params.listId; Lists.remove({ _id: paramListId, boardId: paramBoardId }); diff --git a/models/users.js b/models/users.js index c1ce146a..aa870dca 100644 --- a/models/users.js +++ b/models/users.js @@ -528,6 +528,7 @@ if (Meteor.isServer) { // USERS REST API if (Meteor.isServer) { JsonRoutes.add('GET', '/api/users', function (req, res, next) { + Authentication.checkUserId( req.userId); JsonRoutes.sendResult(res, { code: 200, data: Meteor.users.find({}).map(function (doc) { @@ -536,6 +537,7 @@ if (Meteor.isServer) { }); }); JsonRoutes.add('GET', '/api/users/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; JsonRoutes.sendResult(res, { code: 200, @@ -543,6 +545,7 @@ if (Meteor.isServer) { }); }); JsonRoutes.add('POST', '/api/users/', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = Accounts.createUser({ username: req.body.username, email: req.body.email, @@ -558,6 +561,7 @@ if (Meteor.isServer) { }); JsonRoutes.add('DELETE', '/api/users/:id', function (req, res, next) { + Authentication.checkUserId( req.userId); const id = req.params.id; Meteor.users.remove({ _id: id }); JsonRoutes.sendResult(res, { |