Make sure to respect board acls in the frontend all over the place

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-01-25 13:37:17 +01:00
parent 7fd8419fa9
commit 1a874ba79b
11 changed files with 150 additions and 71 deletions
--- a/src/components/navigation/AppNavigationBoard.vue
+++ b/src/components/navigation/AppNavigationBoard.vue
@@ -124,17 +124,20 @@ export default {

 			// do not show actions while the item is loading
 			if (this.loading === false) {
+				const canManage = this.board.permissions.PERMISSION_MANAGE

-				actions.push({
-					action: () => {
-						this.hideMenu()
-						this.editTitle = this.board.title
-						this.editColor = '#' + this.board.color
-						this.editing = true
-					},
-					icon: 'icon-rename',
-					text: t('deck', 'Edit board'),
-				})
+				if (canManage) {
+					actions.push({
+						action: () => {
+							this.hideMenu()
+							this.editTitle = this.board.title
+							this.editColor = '#' + this.board.color
+							this.editing = true
+						},
+						icon: 'icon-rename',
+						text: t('deck', 'Edit board'),
+					})
+				}

 				actions.push({
 					action: async() => {
@@ -154,46 +157,47 @@ export default {
 					icon: 'icon-clone',
 					text: t('deck', 'Clone board'),
 				})
+				if (canManage) {
+					if (!this.board.archived) {
+						actions.push({
+							action: () => {
+								this.hideMenu()
+								this.loading = true
+								this.$store.dispatch('archiveBoard', this.board)
+							},
+							icon: 'icon-archive',
+							text: t('deck', 'Archive board'),
+						})
+					} else {
+						actions.push({
+							action: () => {
+								this.hideMenu()
+								this.loading = true
+								this.$store.dispatch('unarchiveBoard', this.board)
+							},
+							icon: 'icon-archive',
+							text: t('deck', 'Unarchive board'),
+						})
+					}

-				if (!this.board.archived) {
 					actions.push({
 						action: () => {
 							this.hideMenu()
 							this.loading = true
-							this.$store.dispatch('archiveBoard', this.board)
+							this.boardApi.deleteBoard(this.board)
+								.then(() => {
+									this.loading = false
+									this.deleted = true
+									this.undoTimeoutHandle = setTimeout(() => {
+										this.$store.dispatch('removeBoard', this.board)
+									}, 7000)
+								})
 						},
-						icon: 'icon-archive',
-						text: t('deck', 'Archive board'),
-					})
-				} else {
-					actions.push({
-						action: () => {
-							this.hideMenu()
-							this.loading = true
-							this.$store.dispatch('unarchiveBoard', this.board)
-						},
-						icon: 'icon-archive',
-						text: t('deck', 'Unarchive board'),
+						icon: 'icon-delete',
+						text: t('deck', 'Delete board'),
 					})
 				}

-				actions.push({
-					action: () => {
-						this.hideMenu()
-						this.loading = true
-						this.boardApi.deleteBoard(this.board)
-							.then(() => {
-								this.loading = false
-								this.deleted = true
-								this.undoTimeoutHandle = setTimeout(() => {
-									this.$store.dispatch('removeBoard', this.board)
-								}, 7000)
-							})
-					},
-					icon: 'icon-delete',
-					text: t('deck', 'Delete board'),
-				})
-
 				actions.push({
 					action: () => {
 						const route = this.routeTo