From 45576e761998753e2b85b346df58ea88d74dc5f9 Mon Sep 17 00:00:00 2001
From: Kenneth Jao <ksjdragon@gmail.com>
Date: Fri, 19 Aug 2016 21:59:41 -0400
Subject: [PATCH] Prevented moving dates for unauthorized users

---
 hourglass/client/main/main.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hourglass/client/main/main.js b/hourglass/client/main/main.js
index e81c749..bf039a7 100644
--- a/hourglass/client/main/main.js
+++ b/hourglass/client/main/main.js
@@ -143,6 +143,13 @@ Template.main.helpers({
         }
     },
     calendarOptions() {
+        var inRole = false;
+        if(Meteor.userId() === Session.get("currentWork").creator || 
+               Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) ||
+               classes.findOne({_id: Session.get("currentWork")._id}).moderators.indexOf(Meteor.userId()) !== -1||
+               classes.findOne({_id: Session.get("currentWork")._id}).blockEdit.indexOf(Meteor.userId()) !== -1 ||
+               classes.findOne({_id: Session.get("currentWork")._id}).banned.indexOf(Meteor.userId()) !== -1
+              ) var inRole = true;
         return {
             id: "fullcalendar",
             height: window.innerHeight * 0.8,
@@ -165,7 +172,7 @@ Template.main.helpers({
                         title: title,
                         backgroundColor: backgroundColor,
                         borderColor: "#444",
-                        startEditable: true,
+                        startEditable: inRole,
                         className: "workevent",
                     });
                 });