From 1e8d9f02f32a83bc3514330be53f7bd21156142b Mon Sep 17 00:00:00 2001
From: mayjs
Date: Mon, 15 May 2017 21:02:31 +0200
Subject: Extracted board access check function
---
 models/boards.js | 5 +----
 server/authentication.js | 9 +++++++++
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/models/boards.js b/models/boards.js
index 3778963f..57493fd3 100644
--- a/models/boards.js
+++ b/models/boards.js
@@ -588,11 +588,8 @@ if (Meteor.isServer) {
 });
 JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
- Authentication.checkLoggedIn( req.userId);
 const id = req.params.id;
- const board = Boards.findOne({ _id: id });
- const normalAccess = board.permission === 'public' || board.members.some(e => e._id === req.userId);
- Authentication.checkAdminOrCondition(req.userId, normalAccess);
+ Authentication.checkBoardAccess( req.userId, id);
 JsonRoutes.sendResult(res, {
 code: 200,
diff --git a/server/authentication.js b/server/authentication.js
index a67b64aa..14e9d1c4 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -39,5 +39,14 @@ Meteor.startup(() => {
 }
 }
+ // Helper function. Will throw an error if the user does not have read only access to the given board
+ Authentication.checkBoardAccess = function(userId, boardId) {
+ Authentication.checkLoggedIn(userId);
+
+ const board = Boards.findOne({ _id: boardId });
+ const normalAccess = board.permission === 'public' || board.members.some(e => e.userId === userId);
+ Authentication.checkAdminOrCondition(userId, normalAccess);
+ }
+
 });
--
cgit v1.2.3-1-g7c22
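Review bot: The call `Authentication.checkBoardAccess( req.userId, id);` is not a pure extraction of the four removed lines. The removed predicate compared `e._id === req.userId`, while the helper added in server/authentication.js compares `e.userId === userId`, so who counts as a board member for this GET route changes with this commit. If `userId` is the right field of a members entry (the schema is not visible here), the subject line should say that a membership-check fix is included rather than only "Extracted". A test covering member, non-member and admin on a private board would pin the intended authorization result. The route handler continues past the end of the hunk.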
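Review bot: `checkBoardAccess` dereferences `board.permission` without checking that `Boards.findOne({ _id: boardId })` found a document, so an unknown board id from the route would end in a TypeError instead of a deliberate authorization error. Treating a missing board as no access closes that path: `const normalAccess = !!board && (board.permission === 'public' || board.members.some(e => e.userId === userId));`. Callers that pass `checkAdminOrCondition` some other way must still handle an absent board themselves. Answering unknown and forbidden boards the same way also avoids telling callers which board ids exist. The header comment's "does not have read only access" is ambiguous; something like `// Throws unless the user may read the given board (public board or board member; otherwise deferred to checkAdminOrCondition)` states what the code checks. The enclosing `Meteor.startup` callback begins outside the hunk.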