From cac82e4330bd78bef0870040936d92191e7a8cea Mon Sep 17 00:00:00 2001
From: zago <arnaud.zago@gmail.com>
Date: Fri, 7 Jul 2017 11:11:38 +0200
Subject: checking the authorId when adding card

---
 models/cards.js | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/models/cards.js b/models/cards.js
index 415c3bde..64b9c3db 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -403,21 +403,28 @@ if (Meteor.isServer) {
     Authentication.checkUserId( req.userId);
     const paramBoardId = req.params.boardId;
     const paramListId = req.params.listId;
-    const id = Cards.insert({
-      title: req.body.title,
-      boardId: paramBoardId,
-      listId: paramListId,
-      description: req.body.description,
-      userId : req.body.authorId,
-      sort: 0,
-      members:[ req.body.authorId ],
-    });
-    JsonRoutes.sendResult(res, {
-      code: 200,
-      data: {
-        _id: id,
-      },
-    });
+    const check = Users.findOne({_id:req.body.authorId});
+    if(typeof  check !== 'undefined') {
+        const id = Cards.insert({
+            title: req.body.title,
+            boardId: paramBoardId,
+            listId: paramListId,
+            description: req.body.description,
+            userId: req.body.authorId,
+            sort: 0,
+            members: [req.body.authorId],
+        });
+        JsonRoutes.sendResult(res, {
+            code: 200,
+            data: {
+                _id: id,
+            },
+        });
+    }else{
+        JsonRoutes.sendResult(res, {
+            code: 401,
+        });
+    }
   });
 
   JsonRoutes.add('PUT', '/api/boards/:boardId/lists/:listId/cards/:cardId', function (req, res, next) {
-- 
cgit v1.2.3-1-g7c22