added security and fixed bugs in previous push

chromebook-checkout-meteor/collections/carts.js

@@ -1,9 +1,11 @@
 carts = new Mongo.Collection("carts");
 carts.allow({
   insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
   },
+  update: userId,
   remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
-  }
+  },
+  fetch: userId
 });

chromebook-checkout-meteor/collections/chromebooks.js

@@ -1,9 +1,11 @@
 Chromebooks = new Mongo.Collection("chromebook");
 Chromebooks.allow({
   insert: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
   },
+  update: userId,
   remove: function (userId, doc) {
-    return Roles.userIsInRole(Meteor.user()._id, ['admin']);
+    return Roles.userIsInRole(userId, ['admin']);
-  }
+  },
+  fetch: userId
 });