From 583fbaa05a3eb369799fdf84ff0894cb44a0ab47 Mon Sep 17 00:00:00 2001
From: Kenneth Jao <ksjdragon@gmail.com>
Date: Mon, 15 Aug 2016 16:03:29 -0400
Subject: [PATCH] Made work uneditable for non-authorized users

---
 hourglass/client/main/main.js | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/hourglass/client/main/main.js b/hourglass/client/main/main.js
index e23d073..71c072b 100644
--- a/hourglass/client/main/main.js
+++ b/hourglass/client/main/main.js
@@ -67,15 +67,17 @@ Template.registerHelper('myClasses', () => {
 		var courses = Meteor.user().profile.classes;
 		for(var i = 0; i < courses.length; i++) {
         	found = classes.findOne({_id:courses[i]});
+
+        	if(found.admin === Meteor.userId()) found.box = " owned";
 	      	array.push(found);
+
 	      	var thisWork = work.find({class: courses[i]}).fetch();
 
 	      	for(var j = 0; j < thisWork.length; j++) {
 		        thisWork[j].dueDate = getReadableDate(thisWork[j].dueDate);
 		        thisWork[j].typeColor = workColors[thisWork[j].type];
 	      	}
-	     	 array[i].thisClassWork = thisWork;
-        	console.log(array);
+	     	array[i].thisClassWork = thisWork;
     	}
     	return array;
     }	
@@ -191,7 +193,9 @@ Template.main.helpers({
     	} else {
     		if(Meteor.userId() === Session.get("currentWork").creator || 
     		Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) ||
-    		classes.findOne({_id: Session.get("currentWork")._id}).moderators.indexOf(Meteor.userId()) !== -1
+    		classes.findOne({_id: Session.get("currentWork")._id}).moderators.indexOf(Meteor.userId()) !== -1||
+    		classes.findOne({_id: Session.get("currentWork")._id}).blockEdit.indexOf(Meteor.userId()) !== -1 ||
+    		classes.findOne({_id: Session.get("currentWork")._id}).banned.indexOf(Meteor.userId()) !== -1
     		) return true;
     	}
     }
@@ -299,6 +303,13 @@ Template.main.events({
         openDivFade(document.getElementsByClassName("overlay")[0]);
     },
     'click .change' (event) {
+    	if(!(Meteor.userId() === Session.get("currentWork").creator || 
+    		Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) ||
+    		classes.findOne({_id: Session.get("currentWork")._id}).moderators.indexOf(Meteor.userId()) !== -1 ||
+    		classes.findOne({_id: Session.get("currentWork")._id}).blockEdit.indexOf(Meteor.userId()) !== -1 ||
+    		classes.findOne({_id: Session.get("currentWork")._id}).banned.indexOf(Meteor.userId()) !== -1
+    		)) return;
+
     	var ele = event.target;
         var sessval = Session.get("modifying");
         if (ele.id !== sessval && sessval !== null) closeInput(sessval);