From 33caf1809a459b136b671f7061f08eb5e8d5e920 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu <x@xet7.org>
Date: Tue, 2 Oct 2018 00:21:43 +0300
Subject: - REST API: Add member with role to board. Remove member from board. 
  Docs: https://github.com/wekan/wekan/wiki/REST-API-Role - OAuth2: Change
 Oidc preferred_username back to username.

Thanks to xet7 !

Related #1861
---
 models/users.js | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)

diff --git a/models/users.js b/models/users.js
index d1b8d047..60e9e759 100644
--- a/models/users.js
+++ b/models/users.js
@@ -491,7 +491,7 @@ if (Meteor.isServer) {
     if (user.services.oidc) {
       const email = user.services.oidc.email.toLowerCase();
 
-      user.username = user.services.oidc.preferred_username;
+      user.username = user.services.oidc.username;
       user.emails = [{ address: email, verified: true }];
       const initials = user.services.oidc.fullname.match(/\b[a-zA-Z]/g).join('').toUpperCase();
       user.profile = { initials, fullname: user.services.oidc.fullname };
@@ -766,6 +766,81 @@ if (Meteor.isServer) {
     }
   });
 
+  JsonRoutes.add('POST', '/api/boards/:boardId/members/:userId/add', function (req, res) {
+    try {
+      Authentication.checkUserId(req.userId);
+      const userId = req.params.userId;
+      const boardId = req.params.boardId;
+      const action = req.body.action;
+      const {isAdmin, isNoComments, isCommentOnly} = req.body;
+      let data = Meteor.users.findOne({ _id: userId });
+      if (data !== undefined) {
+        if (action === 'add') {
+          data = Boards.find({
+            _id: boardId,
+          }).map(function(board) {
+            if (!board.hasMember(userId)) {
+              board.addMember(userId);
+              function isTrue(data){
+                return data.toLowerCase() === 'true';
+              }
+              board.setMemberPermission(userId, isTrue(isAdmin), isTrue(isNoComments), isTrue(isCommentOnly), userId);
+            }
+            return {
+              _id: board._id,
+              title: board.title,
+            };
+          });
+        }
+      }
+      JsonRoutes.sendResult(res, {
+        code: 200,
+        data: query,
+      });
+    }
+    catch (error) {
+      JsonRoutes.sendResult(res, {
+        code: 200,
+        data: error,
+      });
+    }
+  });
+
+  JsonRoutes.add('POST', '/api/boards/:boardId/members/:userId/remove', function (req, res) {
+    try {
+      Authentication.checkUserId(req.userId);
+      const userId = req.params.userId;
+      const boardId = req.params.boardId;
+      const action = req.body.action;
+      let data = Meteor.users.findOne({ _id: userId });
+      if (data !== undefined) {
+        if (action === 'remove') {
+          data = Boards.find({
+            _id: boardId,
+          }).map(function(board) {
+            if (board.hasMember(userId)) {
+              board.removeMember(userId);
+            }
+            return {
+              _id: board._id,
+              title: board.title,
+            };
+          });
+        }
+      }
+      JsonRoutes.sendResult(res, {
+        code: 200,
+        data: query,
+      });
+    }
+    catch (error) {
+      JsonRoutes.sendResult(res, {
+        code: 200,
+        data: error,
+      });
+    }
+  });
+
   JsonRoutes.add('POST', '/api/users/', function (req, res) {
     try {
       Authentication.checkUserId(req.userId);
-- 
cgit v1.2.3-1-g7c22