summaryrefslogtreecommitdiffstats
path: root/models/users.js
diff options
context:
space:
mode:
Diffstat (limited to 'models/users.js')
-rw-r--r--models/users.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/models/users.js b/models/users.js
index c1ce146a..aa870dca 100644
--- a/models/users.js
+++ b/models/users.js
@@ -528,6 +528,7 @@ if (Meteor.isServer) {
// USERS REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/users', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
JsonRoutes.sendResult(res, {
code: 200,
data: Meteor.users.find({}).map(function (doc) {
@@ -536,6 +537,7 @@ if (Meteor.isServer) {
});
});
JsonRoutes.add('GET', '/api/users/:id', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = req.params.id;
JsonRoutes.sendResult(res, {
code: 200,
@@ -543,6 +545,7 @@ if (Meteor.isServer) {
});
});
JsonRoutes.add('POST', '/api/users/', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = Accounts.createUser({
username: req.body.username,
email: req.body.email,
@@ -558,6 +561,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('DELETE', '/api/users/:id', function (req, res, next) {
+ Authentication.checkUserId( req.userId);
const id = req.params.id;
Meteor.users.remove({ _id: id });
JsonRoutes.sendResult(res, {
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-08 21:42:47 +0000