Diffstat (limited to 'models/boards.js')
-rw-r--r--models/boards.js26
1 files changed, 24 insertions, 2 deletions
diff --git a/models/boards.js b/models/boards.js
index 879dde84..8a7844e2 100644
--- a/models/boards.js
+++ b/models/boards.js
@@ -556,6 +556,28 @@ if (Meteor.isServer) {
//BOARDS REST API
if (Meteor.isServer) {
+ JsonRoutes.add('GET', '/api/users/:userId/boards', function (req, res, next) {
+ Authentication.checkLoggedIn(req.userId);
+ const paramUserId = req.params.userId;
+ // A normal user should be able to see their own boards,
+ // admins can access boards of any user
+ Authentication.checkAdminOrCondition(req.userId, req.userId === paramUserId);
+
+ const data = Boards.find({
+ archived: false,
+ 'members.userId': req.userId,
+ }, {
+ sort: ['title'],
+ }).map(function(board) {
+ return {
+ _id: board._id,
+ title: board.title,
+ };
+ });
+
+ JsonRoutes.sendResult(res, {code: 200, data});
+ });
+
JsonRoutes.add('GET', '/api/boards', function (req, res, next) {
Authentication.checkUserId(req.userId);
JsonRoutes.sendResult(res, {
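Review bot: The `Boards.find` selector in the new `/api/users/:userId/boards` handler filters on `'members.userId': req.userId`, the caller's id, instead of `paramUserId`. The `checkAdminOrCondition` line lets an admin through for any `:userId`, but the query then returns the admin's own boards, not those of the requested user. This fails safe, since nothing outside the caller's memberships is returned, but it contradicts the comment above the check. The selector line should read `'members.userId': paramUserId,`. It would also help to state in that comment whether `archived: false` is meant to hide archived boards from admins too.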
@@ -570,8 +592,9 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
- Authentication.checkUserId( req.userId);
const id = req.params.id;
+ Authentication.checkBoardAccess( req.userId, id);
+
JsonRoutes.sendResult(res, {
code: 200,
data: Boards.findOne({ _id: id }),
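Review bot: An `id` that matches no board now reaches `Authentication.checkBoardAccess(req.userId, id)` before `Boards.findOne`, and that helper is not part of this diff. Please confirm it rejects an unknown id with a clear error rather than dereferencing a missing document. If it does not, a guard in the helper such as `if (!board) throw new Meteor.Error('not-found');` would keep the route failing closed; the error name here is only a placeholder. Separately, the handler still returns the whole document from `Boards.findOne({ _id: id })`, while the new user-boards route returns only `_id` and `title`. If board documents carry fields that not every member should read, a `fields` projection would be the place to limit them.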
@@ -612,5 +635,4 @@ if (Meteor.isServer) {
},
});
});
-
}