2025-05-10 02:09:06 +02:00
|
|
|
/*!
|
|
|
|
|
* Copyright (c) 2024 PLANKA Software GmbH
|
|
|
|
|
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
|
|
|
|
|
*/
|
|
|
|
|
|
2025-09-08 16:20:27 +02:00
|
|
|
/**
|
|
|
|
|
* @swagger
|
|
|
|
|
* /api/boards/{boardId}/memberships:
|
|
|
|
|
* post:
|
|
|
|
|
* summary: Add user to board
|
|
|
|
|
* description: Adds a user to a board. Requires project manager permissions.
|
|
|
|
|
* tags:
|
|
|
|
|
* - Board Memberships
|
|
|
|
|
* parameters:
|
|
|
|
|
* - name: boardId
|
|
|
|
|
* in: path
|
|
|
|
|
* required: true
|
|
|
|
|
* description: ID of the board to add the user to
|
|
|
|
|
* schema:
|
|
|
|
|
* type: string
|
|
|
|
|
* example: 1357158568008091264
|
|
|
|
|
* requestBody:
|
|
|
|
|
* required: true
|
|
|
|
|
* content:
|
|
|
|
|
* application/json:
|
|
|
|
|
* schema:
|
|
|
|
|
* type: object
|
|
|
|
|
* required:
|
|
|
|
|
* - userId
|
|
|
|
|
* - role
|
|
|
|
|
* properties:
|
|
|
|
|
* userId:
|
|
|
|
|
* type: string
|
|
|
|
|
* description: ID of the user to add to the board
|
|
|
|
|
* example: 1357158568008091265
|
|
|
|
|
* role:
|
|
|
|
|
* type: string
|
|
|
|
|
* enum: [editor, viewer]
|
|
|
|
|
* description: Role of the user in the board
|
|
|
|
|
* example: editor
|
|
|
|
|
* canComment:
|
|
|
|
|
* type: boolean
|
|
|
|
|
* nullable: true
|
|
|
|
|
* description: Whether the user can comment on cards (applies only to viewers)
|
|
|
|
|
* example: true
|
|
|
|
|
* responses:
|
|
|
|
|
* 200:
|
|
|
|
|
* description: User added to board successfully
|
|
|
|
|
* content:
|
|
|
|
|
* application/json:
|
|
|
|
|
* schema:
|
|
|
|
|
* type: object
|
|
|
|
|
* required:
|
|
|
|
|
* - item
|
|
|
|
|
* properties:
|
|
|
|
|
* item:
|
|
|
|
|
* $ref: '#/components/schemas/BoardMembership'
|
|
|
|
|
* 400:
|
|
|
|
|
* $ref: '#/components/responses/ValidationError'
|
|
|
|
|
* 401:
|
|
|
|
|
* $ref: '#/components/responses/Unauthorized'
|
|
|
|
|
* 403:
|
|
|
|
|
* $ref: '#/components/responses/Forbidden'
|
|
|
|
|
* 404:
|
|
|
|
|
* $ref: '#/components/responses/NotFound'
|
|
|
|
|
* 409:
|
|
|
|
|
* $ref: '#/components/responses/Conflict'
|
|
|
|
|
*/
|
|
|
|
|
|
2025-05-10 02:09:06 +02:00
|
|
|
const { idInput } = require('../../../utils/inputs');
|
|
|
|
|
|
2021-06-24 01:05:22 +05:00
|
|
|
const Errors = {
|
2025-05-10 02:09:06 +02:00
|
|
|
NOT_ENOUGH_RIGHTS: {
|
|
|
|
|
notEnoughRights: 'Not enough rights',
|
|
|
|
|
},
|
2021-06-24 01:05:22 +05:00
|
|
|
BOARD_NOT_FOUND: {
|
|
|
|
|
boardNotFound: 'Board not found',
|
|
|
|
|
},
|
|
|
|
|
USER_NOT_FOUND: {
|
|
|
|
|
userNotFound: 'User not found',
|
|
|
|
|
},
|
|
|
|
|
USER_ALREADY_BOARD_MEMBER: {
|
|
|
|
|
userAlreadyBoardMember: 'User already board member',
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
inputs: {
|
|
|
|
|
boardId: {
|
2025-05-10 02:09:06 +02:00
|
|
|
...idInput,
|
2021-06-24 01:05:22 +05:00
|
|
|
required: true,
|
|
|
|
|
},
|
|
|
|
|
userId: {
|
2025-05-10 02:09:06 +02:00
|
|
|
...idInput,
|
2021-06-24 01:05:22 +05:00
|
|
|
required: true,
|
|
|
|
|
},
|
2022-08-19 14:00:40 +02:00
|
|
|
role: {
|
|
|
|
|
type: 'string',
|
|
|
|
|
isIn: Object.values(BoardMembership.Roles),
|
|
|
|
|
required: true,
|
|
|
|
|
},
|
|
|
|
|
canComment: {
|
|
|
|
|
type: 'boolean',
|
2024-02-08 16:42:10 +01:00
|
|
|
allowNull: true,
|
2022-08-19 14:00:40 +02:00
|
|
|
},
|
2021-06-24 01:05:22 +05:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
exits: {
|
2025-05-10 02:09:06 +02:00
|
|
|
notEnoughRights: {
|
|
|
|
|
responseType: 'forbidden',
|
|
|
|
|
},
|
2021-06-24 01:05:22 +05:00
|
|
|
boardNotFound: {
|
|
|
|
|
responseType: 'notFound',
|
|
|
|
|
},
|
|
|
|
|
userNotFound: {
|
|
|
|
|
responseType: 'notFound',
|
|
|
|
|
},
|
|
|
|
|
userAlreadyBoardMember: {
|
|
|
|
|
responseType: 'conflict',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
async fn(inputs) {
|
|
|
|
|
const { currentUser } = this.req;
|
|
|
|
|
|
2024-06-12 00:51:36 +02:00
|
|
|
const { board, project } = await sails.helpers.boards
|
2025-05-10 02:09:06 +02:00
|
|
|
.getPathToProjectById(inputs.boardId)
|
2021-06-24 01:05:22 +05:00
|
|
|
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
|
|
|
|
|
|
2024-06-12 00:51:36 +02:00
|
|
|
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
|
2021-06-24 01:05:22 +05:00
|
|
|
|
|
|
|
|
if (!isProjectManager) {
|
|
|
|
|
throw Errors.BOARD_NOT_FOUND; // Forbidden
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-10 02:09:06 +02:00
|
|
|
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
|
|
|
|
|
if (inputs.userId !== currentUser.id) {
|
|
|
|
|
throw Errors.NOT_ENOUGH_RIGHTS;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const user = await User.qm.getOneById(inputs.userId, {
|
|
|
|
|
withDeactivated: false,
|
|
|
|
|
});
|
2021-06-24 01:05:22 +05:00
|
|
|
|
|
|
|
|
if (!user) {
|
2025-05-10 02:09:06 +02:00
|
|
|
throw Errors.USER_NOT_FOUND;
|
2021-06-24 01:05:22 +05:00
|
|
|
}
|
|
|
|
|
|
2022-08-19 14:00:40 +02:00
|
|
|
const values = _.pick(inputs, ['role', 'canComment']);
|
|
|
|
|
|
2022-12-26 21:10:50 +01:00
|
|
|
const boardMembership = await sails.helpers.boardMemberships.createOne
|
|
|
|
|
.with({
|
2024-06-12 00:51:36 +02:00
|
|
|
project,
|
2022-12-26 21:10:50 +01:00
|
|
|
values: {
|
|
|
|
|
...values,
|
|
|
|
|
board,
|
|
|
|
|
user,
|
|
|
|
|
},
|
2024-06-12 00:51:36 +02:00
|
|
|
actorUser: currentUser,
|
2022-12-26 21:10:50 +01:00
|
|
|
request: this.req,
|
|
|
|
|
})
|
2021-06-24 01:05:22 +05:00
|
|
|
.intercept('userAlreadyBoardMember', () => Errors.USER_ALREADY_BOARD_MEMBER);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
item: boardMembership,
|
|
|
|
|
};
|
|
|
|
|
},
|
|
|
|
|
};
|
