added security and fixed bugs in previous push

2015-02-01 23:20:29 -05:00 · 2015-02-01 23:20:29 -05:00 · 430d300cfe
commit 430d300cfe
parent da253a8ea8
2 changed files with 10 additions and 6 deletions
--- a/chromebook-checkout-meteor/collections/carts.js
+++ b/chromebook-checkout-meteor/collections/carts.js
@ -1,9 +1,11 @@
 carts = new Mongo.Collection("carts");
 carts.allow({
  insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
  },
+  update: userId,
  remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
-  }
+    return Roles.userIsInRole(userId, ['admin']);
+  },
+  fetch: userId
 });
--- a/chromebook-checkout-meteor/collections/chromebooks.js
+++ b/chromebook-checkout-meteor/collections/chromebooks.js
@ -1,9 +1,11 @@
 Chromebooks = new Mongo.Collection("chromebook");
 Chromebooks.allow({
  insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
  },
+  update: userId,
  remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
-  }
+    return Roles.userIsInRole(userId, ['admin']);
+  },
+  fetch: userId
 });