From 33c191f8e779533e19231850bd0ad8a4201fdc29 Mon Sep 17 00:00:00 2001
From: yamanq <ybq987@gmail.com>
Date: Sun, 1 Feb 2015 23:24:28 -0500
Subject: [PATCH] fix bugs of securtiy

---
 chromebook-checkout-meteor/collections/carts.js       | 8 ++++++--
 chromebook-checkout-meteor/collections/chromebooks.js | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/chromebook-checkout-meteor/collections/carts.js b/chromebook-checkout-meteor/collections/carts.js
index 0d854b2..782dcdb 100644
--- a/chromebook-checkout-meteor/collections/carts.js
+++ b/chromebook-checkout-meteor/collections/carts.js
@@ -3,9 +3,13 @@ carts.allow({
   insert: function (userId, doc) {
     return Roles.userIsInRole(userId, ['admin']);
   },
-  update: userId,
+  update: function (userId, doc) {
+    return (userId != null);
+  },
   remove: function (userId, doc) {
     return Roles.userIsInRole(userId, ['admin']);
   },
-  fetch: userId
+  fetch: function (userId, doc) {
+    return (userId != null);
+  }
 });
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/collections/chromebooks.js b/chromebook-checkout-meteor/collections/chromebooks.js
index f3af65e..01107cd 100644
--- a/chromebook-checkout-meteor/collections/chromebooks.js
+++ b/chromebook-checkout-meteor/collections/chromebooks.js
@@ -3,9 +3,13 @@ Chromebooks.allow({
   insert: function (userId, doc) {
     return Roles.userIsInRole(userId, ['admin']);
   },
-  update: userId,
+  update: function (userId, doc) {
+    return (userId != null);
+  },
   remove: function (userId, doc) {
     return Roles.userIsInRole(userId, ['admin']);
   },
-  fetch: userId
+  fetch: function (userId, doc) {
+    return (userId != null);
+  }
 });
\ No newline at end of file