authorRomulus Urakagi Tsai <urakagi@gmail.com>2020-02-13 09:02:26 +0000
committerRomulus Urakagi Tsai <urakagi@gmail.com>2020-02-13 09:02:26 +0000
commit4b196d537896f39fb76090020cb5851a699546eb (patch)
tree28e2e025ce90645ed360bb8c26ab39e6f40214e4 /models/cards.js
parentb34ed58289a3dae5838d3b621260938a3ecf52d5 (diff)
parent3fcde252f705f9527f7190517082a047714a4eec (diff)
Merge branch 'master' of https://github.com/wekan/wekan into lib-change
Diffstat (limited to 'models/cards.js')
-rw-r--r--models/cards.js16
1 files changed, 12 insertions, 4 deletions
diff --git a/models/cards.js b/models/cards.js
index 86d22c53..fac8922c 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -205,7 +205,8 @@ Cards.attachSchema(
},
assignees: {
/**
- * who assignees of the card (user IDs)
+ * who is assignee of the card (user ID),
+ * maximum one ID of assignee in array.
*/
type: [String],
optional: true,
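Review bot: The comment on `assignees` now promises at most one ID, but the visible definition is still `type: [String]` with no length limit, so the limit is documentation only and an API client can still store several IDs. If the rest of the definition (outside this hunk) does not already cap it, add `maxCount: 1` next to `optional: true` so the schema rejects longer arrays. The wording could also be tightened to `ID of the user assigned to the card; the array holds at most one ID`.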
@@ -1996,15 +1997,22 @@ if (Meteor.isServer) {
* @param {string} description the description of the new card
* @param {string} swimlaneId the swimlane ID of the new card
* @param {string} [members] the member IDs list of the new card
- * @param {string} [assignees] the assignee IDs list of the new card
+ * @param {string} [assignees] the array of maximum one ID of assignee of the new card
* @return_type {_id: string}
*/
JsonRoutes.add('POST', '/api/boards/:boardId/lists/:listId/cards', function(
req,
res,
) {
- Authentication.checkUserId(req.userId);
+ // Check user is logged in
+ Authentication.checkLoggedIn(req.userId);
const paramBoardId = req.params.boardId;
+ // Check user has permission to add card to the board
+ const board = Boards.findOne({
+ _id: paramBoardId,
+ });
+ const addPermission = allowIsBoardMemberCommentOnly(req.userId, board);
+ Authentication.checkAdminOrCondition(req.userId, addPermission);
const paramListId = req.params.listId;
const paramParentId = req.params.parentId;
const currentCards = Cards.find(
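Review bot: The permission check added before `const paramListId` authorises the caller against `:boardId` only, while `:listId` from the same URL is read on the next line with no visible check that the list belongs to that board. If the rest of the handler (outside this hunk) inserts the card with `paramListId` as given, a member of one board could place a card in a list of another; consider looking the list up with `Lists.findOne({ _id: paramListId, boardId: paramBoardId })` and rejecting the request when it is missing. `Boards.findOne` also returns `undefined` for an unknown board id, so it is worth confirming that `allowIsBoardMemberCommentOnly` tolerates a missing board and that the request then fails as a denial rather than an unhandled exception. A one-line comment on what that helper returns would help, since its name reads as if comment-only members were the ones allowed.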
@@ -2082,7 +2090,7 @@ if (Meteor.isServer) {
* @param {string} [labelIds] the new list of label IDs attached to the card
* @param {string} [swimlaneId] the new swimlane ID of the card
* @param {string} [members] the new list of member IDs attached to the card
- * @param {string} [assignees] the new list of assignee IDs attached to the card
+ * @param {string} [assignees] the array of maximum one ID of assignee attached to the card
* @param {string} [requestedBy] the new requestedBy field of the card
* @param {string} [assignedBy] the new assignedBy field of the card
* @param {string} [receivedAt] the new receivedAt field of the card