ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

security and api

Browse Source 
Signed-off-by: Jakob Röhrl <jakob.roehrl@web.de>
This commit is contained in:
Jakob Röhrl
2020-09-02 08:40:19 +02:00
parent 71780b5578
commit 2a4b0a3ed3
3 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/API.md
View File

@@ -502,6 +502,19 @@ The board list endpoint supports setting an `If-Modified-Since` header to limit
| stackId | Integer | The id of the stack |
#### Response
It will return an object of the new stack containing the new cards as well.
```json
{"title":"l1 (copy)",
"boardId":6,
"deletedAt":0,
"lastModified":0,
"cards":
[{"title":"ME","description":"123","stackId":73,"type":"plain","lastModified":1599028559,"lastEditor":null,"createdAt":1599028559,"labels":[],"assignedUsers":[],"attachments":null,"attachmentCount":0,"owner":{"primaryKey":"root","uid":"root","displayname":"root","type":0},"order":0,"archived":false,"duedate":null,"deletedAt":0,"commentsUnread":0,"id":109,"overdue":0},
{"title":"ka","description":"","stackId":73,"type":"plain","lastModified":1599028559,"lastEditor":null,"createdAt":1599028559,"labels":[],"assignedUsers":[],"attachments":null,"attachmentCount":0,"owner":{"primaryKey":"root","uid":"root","displayname":"root","type":0},"order":1,"archived":false,"duedate":"2020-08-26T22:00:00+00:00","deletedAt":0,"commentsUnread":0,"id":110,"overdue":3}],
"order":999,
"id":73}
```
##### 200 Success

7
lib/Service/StackService.php
View File

@@ -393,6 +393,8 @@ class StackService {
}
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE);
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
if ($this->boardService->isArchived(null, $boardId)) {
throw new StatusException('Operation not allowed. This board is archived.');
}
@@ -400,6 +402,10 @@ class StackService {
$stack = $this->stackMapper->find($id);
$board = $this->boardMapper->find($boardId);
if ($stack->getBoardId() !== $board->getId()) {
throw new StatusException('Operation not allowed. Stack is not part of this board');
}
$newStack = new Stack();
$newStack->setTitle($stack->getTitle() . ' (' . $this->l10n->t('copy') . ')');
@@ -418,7 +424,6 @@ class StackService {
);
$cards = $this->cardMapper->findAll($id);
$newCardArray = [];
foreach ($cards as $card) {
$newCard = new Card();

4
src/components/board/Stack.vue
View File

@@ -43,10 +43,10 @@
</form>
</transition>
<Actions v-if="!isArchived" :force-menu="true">
<ActionButton v-if="canManage" icon="icon-archive" @click="modalArchivAllCardsShow=true">
<ActionButton v-if="canEdit" icon="icon-archive" @click="modalArchivAllCardsShow=true">
{{ t('deck', 'Archive all cards') }}
</ActionButton>
<ActionButton v-if="canEdit" icon="icon-clone" @click="cloneStack(stack)">
<ActionButton v-if="canManage" icon="icon-clone" @click="cloneStack(stack)">
{{ t('deck', 'Clone list') }}
</ActionButton>
<ActionButton v-if="canManage" icon="icon-delete" @click="deleteStack(stack)">