feat: Version 2

Closes #627, closes #1047

server/api/controllers/board-memberships/create.js

@@ -1,4 +1,14 @@
+/*!
+ * Copyright (c) 2024 PLANKA Software GmbH
+ * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
+ */
+
+const { idInput } = require('../../../utils/inputs');
+
 const Errors = {
+  NOT_ENOUGH_RIGHTS: {
+    notEnoughRights: 'Not enough rights',
+  },
   BOARD_NOT_FOUND: {
     boardNotFound: 'Board not found',
   },
@@ -13,13 +23,11 @@ const Errors = {
 module.exports = {
   inputs: {
     boardId: {
-      type: 'string',
-      regex: /^[0-9]+$/,
+      ...idInput,
       required: true,
     },
     userId: {
-      type: 'string',
-      regex: /^[0-9]+$/,
+      ...idInput,
       required: true,
     },
     role: {
@@ -34,6 +42,9 @@ module.exports = {
   },
 
   exits: {
+    notEnoughRights: {
+      responseType: 'forbidden',
+    },
     boardNotFound: {
       responseType: 'notFound',
     },
@@ -49,7 +60,7 @@ module.exports = {
     const { currentUser } = this.req;
 
     const { board, project } = await sails.helpers.boards
-      .getProjectPath(inputs.boardId)
+      .getPathToProjectById(inputs.boardId)
       .intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
 
     const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
@@ -58,10 +69,18 @@ module.exports = {
       throw Errors.BOARD_NOT_FOUND; // Forbidden
     }
 
-    const user = await sails.helpers.users.getOne(inputs.userId);
+    if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
+      if (inputs.userId !== currentUser.id) {
+        throw Errors.NOT_ENOUGH_RIGHTS;
+      }
+    }
+
+    const user = await User.qm.getOneById(inputs.userId, {
+      withDeactivated: false,
+    });
 
     if (!user) {
-      throw Error.USER_NOT_FOUND;
+      throw Errors.USER_NOT_FOUND;
     }
 
     const values = _.pick(inputs, ['role', 'canComment']);