Extracted board access check function

2 files changed, 10 insertions, 4 deletions

diff --git a/models/boards.js b/models/boards.js
index 3778963f..57493fd3 100644
--- a/models/boards.js
+++ b/models/boards.js
@@ -588,11 +588,8 @@ if (Meteor.isServer) {
   });
 
   JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
-    Authentication.checkLoggedIn( req.userId);
     const id = req.params.id;
-    const board = Boards.findOne({ _id: id });
-    const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
-    Authentication.checkAdminOrCondition(req.userId, normalAccess);
+    Authentication.checkBoardAccess( req.userId, id);
 
     JsonRoutes.sendResult(res, {
       code: 200,
diff --git a/server/authentication.js b/server/authentication.js
index a67b64aa..14e9d1c4 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -39,5 +39,14 @@ Meteor.startup(() => {
     }
   }
 
+  // Helper function. Will throw an error if the user does not have read only access to the given board
+  Authentication.checkBoardAccess = function(userId, boardId) {
+    Authentication.checkLoggedIn(userId);
+
+    const board = Boards.findOne({ _id: boardId });
+    const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId);
+    Authentication.checkAdminOrCondition(userId, normalAccess);
+  }
+
 });