diff options
| author | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
|---|---|---|
| committer | mayjs <johannes.may@udo.edu> | 2017-05-15 21:02:31 +0200 |
| commit | 1e8d9f02f32a83bc3514330be53f7bd21156142b (patch) | |
| tree | d50981489b79cdb2e1078b9b1488f57d5f176371 /server/authentication.js | |
| parent | 95e2025ff9ac07644175689b873749fc2087eef2 (diff) | |
| download | wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.gz wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.tar.bz2 wekan-1e8d9f02f32a83bc3514330be53f7bd21156142b.zip | |
Extracted board access check function
Diffstat (limited to 'server/authentication.js')
| -rw-r--r-- | server/authentication.js | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/server/authentication.js b/server/authentication.js index a67b64aa..14e9d1c4 100644 --- a/server/authentication.js +++ b/server/authentication.js @@ -39,5 +39,14 @@ Meteor.startup(() => { } } + // Helper function. Will throw an error if the user does not have read only access to the given board + Authentication.checkBoardAccess = function(userId, boardId) { + Authentication.checkLoggedIn(userId); + + const board = Boards.findOne({ _id: boardId }); + const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId); + Authentication.checkAdminOrCondition(userId, normalAccess); + } + }); |