diff options
author | Robert Lebedeu <robert.lebedeu@mynet.it> | 2019-12-17 12:15:41 +0100 |
---|---|---|
committer | Robert Lebedeu <robert.lebedeu@mynet.it> | 2019-12-17 12:15:41 +0100 |
commit | a35df88805410f2028cc9a0235f502d56ee8b87b (patch) | |
tree | 394f4c552b785a906aef6af79108dea6a2266f4f | |
parent | 40c70c439d3d6ac5a9affe52d386201e7da865b9 (diff) | |
download | wekan-a35df88805410f2028cc9a0235f502d56ee8b87b.tar.gz wekan-a35df88805410f2028cc9a0235f502d56ee8b87b.tar.bz2 wekan-a35df88805410f2028cc9a0235f502d56ee8b87b.zip |
Allow checklist creation for board members
- Only for members with checklist add permission
-rw-r--r-- | models/checklists.js | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/models/checklists.js b/models/checklists.js index 3b50cda6..11aba71b 100644 --- a/models/checklists.js +++ b/models/checklists.js @@ -283,8 +283,15 @@ if (Meteor.isServer) { 'POST', '/api/boards/:boardId/cards/:cardId/checklists', function(req, res) { - Authentication.checkUserId(req.userId); - + // Check user is logged in + Authentication.checkLoggedIn(req.userId); + const paramBoardId = req.params.boardId; + // Check user has permission to add checklist to the card + const board = Boards.findOne({ + _id: paramBoardId + }); + const addPermission = allowIsBoardMemberCommentOnly(req.userId, board); + Authentication.checkAdminOrCondition(req.userId, addPermission); const paramCardId = req.params.cardId; const id = Checklists.insert({ title: req.body.title, |