From 430d300cfe90f79b61dd441722f58480ddf28f77 Mon Sep 17 00:00:00 2001
From: yamanq <ybq987@gmail.com>
Date: Sun, 1 Feb 2015 23:20:29 -0500
Subject: [PATCH] added security and fixed bugs in previous push

---
 chromebook-checkout-meteor/collections/carts.js       | 8 +++++---
 chromebook-checkout-meteor/collections/chromebooks.js | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/chromebook-checkout-meteor/collections/carts.js b/chromebook-checkout-meteor/collections/carts.js
index b4d6c32..0d854b2 100644
--- a/chromebook-checkout-meteor/collections/carts.js
+++ b/chromebook-checkout-meteor/collections/carts.js
@@ -1,9 +1,11 @@
 carts = new Mongo.Collection("carts");
 carts.allow({
   insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
   },
+  update: userId,
   remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
-  }
+    return Roles.userIsInRole(userId, ['admin']);
+  },
+  fetch: userId
 });
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/collections/chromebooks.js b/chromebook-checkout-meteor/collections/chromebooks.js
index 6734736..f3af65e 100644
--- a/chromebook-checkout-meteor/collections/chromebooks.js
+++ b/chromebook-checkout-meteor/collections/chromebooks.js
@@ -1,9 +1,11 @@
 Chromebooks = new Mongo.Collection("chromebook");
 Chromebooks.allow({
   insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
   },
+  update: userId,
   remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
-  }
+    return Roles.userIsInRole(userId, ['admin']);
+  },
+  fetch: userId
 });
\ No newline at end of file