removed insecure, disabled user editing of chromebooks/carts

2015-02-06 21:28:29 -05:00 · 2015-02-06 21:28:29 -05:00 · 1f4d87e46e
commit 1f4d87e46e
parent 71c8ceef5a
6 changed files with 44 additions and 31 deletions
--- a/chromebook-checkout-meteor/.meteor/packages
+++ b/chromebook-checkout-meteor/.meteor/packages
@ -5,7 +5,6 @@
 # but you can also edit it by hand.

 meteor-platform
-insecure
 iron:router
 momentjs:moment
 accounts-google
--- a/chromebook-checkout-meteor/.meteor/versions
+++ b/chromebook-checkout-meteor/.meteor/versions
@ -26,7 +26,6 @@ html-tools@1.0.3
 htmljs@1.0.3
 http@1.0.9
 id-map@1.0.2
-insecure@1.0.2
 iron:controller@1.0.6
 iron:core@1.0.6
 iron:dynamic-template@1.0.6
--- a/chromebook-checkout-meteor/client/checkout.js
+++ b/chromebook-checkout-meteor/client/checkout.js
@ -12,3 +12,31 @@ Template.checkout.rendered = function() {
        alwaysShowScrollbar: 2
    });
 }
+Object.defineProperty(window, "console", {
+    value: console,
+    writable: false,
+    configurable: false
+});
+
+var i = 0;
+function showWarningAndThrow() {
+    if (!i) {
+        setTimeout(function () {
+            console.log("%cWarning message", "font: 2em sans-serif; color: yellow; background-color: red;");
+        }, 1);
+        i = 1;
+    }
+    throw "Console is disabled";
+}
+
+var l, n = {
+        set: function (o) {
+            l = o;
+        },
+        get: function () {
+            showWarningAndThrow();
+            return l;
+        }
+    };
+Object.defineProperty(console, "_commandLineAPI", n);
+Object.defineProperty(console, "__commandLineAPI", n);
--- a/chromebook-checkout-meteor/collections/carts.js
+++ b/chromebook-checkout-meteor/collections/carts.js
@ -1,13 +1 @@
 carts = new Mongo.Collection("carts");
-// carts.allow({
-//   insert: function (userId, doc) {
-//     return Roles.userIsInRole(userId, ['admin']);
-//   },
-//   update: function (userId, doc) {
-//     return Roles.userIsInRole(userId, ['admin', 'teacher'];
-//   },
-//   remove: function (userId, doc) {
-//     return Roles.userIsInRole(userId, ['admin']);
-//   },
-//   fetch: []
-// });
--- a/chromebook-checkout-meteor/collections/chromebooks.js
+++ b/chromebook-checkout-meteor/collections/chromebooks.js
@ -1,13 +1 @@
 Chromebooks = new Mongo.Collection("chromebook");
-// Chromebooks.allow({
-//   insert: function (userId, doc) {
-//     return Roles.userIsInRole(userId, ['admin']);
-//   },
-//   update: function (userId, doc) {
-//     return (userId != null);
-//   },
-//   remove: function (userId, doc) {
-//     return Roles.userIsInRole(userId, ['admin']);
-//   },
-//   fetch: []
-// });
--- a/chromebook-checkout-meteor/server/users.js
+++ b/chromebook-checkout-meteor/server/users.js
@ -16,7 +16,16 @@ Meteor.publish('carts', function() {
  }
 });

-Chromebooks.permit(['insert', 'update', 'remove']).never().apply();
+Chromebooks.permit(['insert', 'update', 'remove']).ifHasRole('admin').apply();
+carts.permit(['insert', 'update', 'remove']).ifHasRole(['admin', 'teacher']).apply();
+
+
+
+/*if ( Check if Meteor.userId() != Current logged in user Meteor.userId if they update hack way ) {
+  Chromebooks.update
+}
+*/
+
 var adminusers = [
  //Add all Users here
  "mminer@bloomfield.org",
@ -78,3 +87,5 @@ Meteor.methods({
    Roles.setUserRoles(targetUserId, roles, group)
  }
 })
+
+