diff options
Diffstat (limited to 'server/authentication.js')
-rw-r--r-- | server/authentication.js | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/server/authentication.js b/server/authentication.js index 816c4d4c..23ed8f56 100644 --- a/server/authentication.js +++ b/server/authentication.js @@ -17,5 +17,36 @@ Meteor.startup(() => { }; + // This will only check if the user is logged in. + // The authorization checks for the user will have to be done inside each API endpoint + Authentication.checkLoggedIn = function(userId) { + if(userId === undefined) { + const error = new Meteor.Error('Unauthorized', 'Unauthorized'); + error.statusCode = 401; + throw error; + } + }; + + // An admin should be authorized to access everything, so we use a separate check for admins + // This throws an error if otherReq is false and the user is not an admin + Authentication.checkAdminOrCondition = function(userId, otherReq) { + if(otherReq) return; + const admin = Users.findOne({ _id: userId, isAdmin: true }); + if (admin === undefined) { + const error = new Meteor.Error('Forbidden', 'Forbidden'); + error.statusCode = 403; + throw error; + } + }; + + // Helper function. Will throw an error if the user does not have read only access to the given board + Authentication.checkBoardAccess = function(userId, boardId) { + Authentication.checkLoggedIn(userId); + + const board = Boards.findOne({ _id: boardId }); + const normalAccess = board.permission === 'public' || board.members.some((e) => e.userId === userId); + Authentication.checkAdminOrCondition(userId, normalAccess); + }; + }); |