Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-08-07 14:35:29 +02:00
Code Issues Releases Activity

fix: Prevent editors from deleting any comment

Browse source 
Closes #1288
This commit is contained in:
Maksim Eltyshev 2025-08-06 13:37:16 +02:00
parent 48e261ffc4
commit b4f6e24442
2 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
server/api/controllers/comments/delete.js
View file

@ -44,6 +44,10 @@ module.exports = {
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
if (comment.userId !== currentUser.id) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
@ -54,10 +58,6 @@ module.exports = {
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
if (comment.userId !== currentUser.id) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (!boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}