From 5eedb68e0f19f682c1ba0378badae9caaed5b271 Mon Sep 17 00:00:00 2001
From: Yaman
Date: Sat, 7 Feb 2015 11:27:10 -0500
Subject: [PATCH] Fixed Security :D git status!

---
 chromebook-checkout-meteor/client/admin.js | 111 ++--------------
 chromebook-checkout-meteor/client/cart.js | 15 +--
 chromebook-checkout-meteor/client/checkout.js | 30 +----
 .../client/chromebook.js | 15 +--
 .../server/checkingout.js | 118 ++++++++++++++++++
 chromebook-checkout-meteor/server/users.js | 18 ++-
 6 files changed, 143 insertions(+), 164 deletions(-)
 create mode 100644 chromebook-checkout-meteor/server/checkingout.js

diff --git a/chromebook-checkout-meteor/client/admin.js b/chromebook-checkout-meteor/client/admin.js
index 47063ec..d95d3a3 100644
--- a/chromebook-checkout-meteor/client/admin.js
+++ b/chromebook-checkout-meteor/client/admin.js
@@ -21,119 +21,34 @@ ReactiveTabs.createInterface({
 });
 Template.admin.events({
- "submit .add, click .add": function (event) {
- event.preventDefault();
-
- var chromebook_number = $("input[name='anumber']")[0].value;
- var chromebook_serial = $("input[name='aserial']")[0].value;
- var currNumbers = Chromebooks.find({ number: chromebook_number }).fetch();
- var currSerials = Chromebooks.find({ serial: chromebook_serial }).fetch();
-
- if(currNumbers.length !== 0) {
- alert("That Chromebook already exists!");
- $("input[name='anumber']")[0].value = "";
- $("input[name='anumber']")[0].focus();
- throw new Error("That Chromebook already exists!");
- }
- if(currSerials.length !== 0) {
- alert("That serial number already exists!");
- $("input[name='aserial']")[0].value = "";
- $("input[name='aserial']").focus();
- throw new Error("That serial number already exists!");
- }
-
- if (!((chromebook_number === "") || (chromebook_serial === "")))
-
- Chromebooks.insert({
- "status": 0,
- "userid": null,
- "last_checkout": null,
- "serial": chromebook_serial,
- "number": chromebook_number
- });
- // Clear form
+ "submit .add, click .add": function () {
+ Meteor.call('addchromebook', $("input[name='anumber']")[0].value, $("input[name='aserial']")[0].value);
 $("input[name='anumber']")[0].value = "";
 $("input[name='aserial']")[0].value = "";
- $("input[name='anumber']").focus();
-
- // Prevent default form
+ $("input[name='anumber']")[0].focus();
 return false;
 },
+
 "submit .addc, click .addc": function (event) {
- event.preventDefault();
-
- var cart_number = $("input[name='acnumber']")[0].value;
- var currCName = carts.find({ number: cart_number }).fetch()
-
- if(currCName.length !== 0) {
- alert("That cart already exists!");
- $("input[name='acnumber']")[0].value = "";
- $("input[name='acnumber']").focus();
- throw new Error("That cart already exists!");
- }
-
- if (!((cart_number === "")))
-
- carts.insert({
- "status": 0,
- "userid": null,
- "last_checkout": null,
- "number": cart_number
- });
-
- // Clear form
+ Meteor.call('addcart', $("input[name='acnumber']")[0].value);
 $("input[name='acnumber']")[0].value = "";
-
- // Prevent default form
 return false;
 },
+
 'click .cross' : function() {
- if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
- Chromebooks.remove(this._id);
- }
+ Meteor.call('removechromebook', this);
 },
+
 'click .crossc' : function() {
- if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
- carts.remove(this._id);
- }
+ Meteor.call('removecart', this);
 },
+
 'click .yieldc' : function() {
- if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
- if (this.status === 0) {
- carts.update(this._id, {$set: {status: 2}});
- }
- else if (this.status === 1) {
- carts.update(this._id, {$set: {status: 2}});
- }
- else {
- carts.update(this._id, {$set: {status: 0}});
- carts.update(this._id, {$set: {last_checkout: null}});
- carts.update(this._id, {$set: {userid: null}});
- carts.update(this._id, {$set: {user: null}});
- }
- }
- else {
- alert("Access Denied");
- }
+ Meteor.call('yieldcart', this);
 },
+
 'click .yield' : function() {
- if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
- if (this.status === 0) {
- Chromebooks.update(this._id, {$set: {status: 2}});
- Chromebooks.update(this._id, {$set: {user: null}});
- }
- else if (this.status ===1) {
- Chromebooks.update(this._id, {$set: {status: 2}});
- }
- else {
- Chromebooks.update(this._id, {$set: {status: 0}});
- Chromebooks.update(this._id, {$set: {last_checkout: null}});
- Chromebooks.update(this._id, {$set: {userid: null}});
- }
- }
- else {
- alert("Access Denied");
- }
+ Meteor.call('yieldchromebook', this);
 }
 });
diff --git a/chromebook-checkout-meteor/client/cart.js b/chromebook-checkout-meteor/client/cart.js
index 84d89ca..d74b5b0 100644
--- a/chromebook-checkout-meteor/client/cart.js
+++ b/chromebook-checkout-meteor/client/cart.js
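Review bot: Each new `Meteor.call` in this hunk that acts on an existing record sends the whole data context, `Meteor.call('removechromebook', this)` and likewise for `removecart`, `yieldcart` and `yieldchromebook`, so the server receives a client-controlled copy of `_id`, `status` and `userid` rather than just a reference; sending only the id, `Meteor.call('removechromebook', this._id);`, means the server has nothing to trust but the key it looks up. The `availablecart`/`checkedoutcart` calls in cart.js and the matching calls in chromebook.js pass `this` the same way and should change together with the server methods. The `addchromebook` and `addcart` calls also lose the duplicate and empty-input feedback the handlers used to give, because neither call has a callback and the server currently ignores those cases silently; once the server rejects them with a `Meteor.Error`, a callback such as `function (err) { if (err) alert(err.reason); }` is the place to show it.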
@@ -24,20 +24,9 @@ Template.cart.helpers({
 Template.cart.events({
 'click .available': function() {
- if ((carts.findOne({userid: Meteor.userId()}) === undefined)
- || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) {
- carts.update(this._id, {$set: {status: 1}});
- carts.update(this._id, {$set: {last_checkout: new Date()}});
- carts.update(this._id, {$set: {userid: Meteor.userId()}});
- carts.update(this._id, {$set: {user: Meteor.user().profile.name}});
- }
+ Meteor.call('availablecart', this);
 },
 'click .checkedout': function() {
- if (Meteor.userId() === this.userid) {
- carts.update(this._id, {$set: {status: 0}});
- carts.update(this._id, {$set: {last_checkout: null}});
- carts.update(this._id, {$set: {userid: null}});
- carts.update(this._id, {$set: {user: null}});
- }
+ Meteor.call('checkedoutcart', this);
 }
 });
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/client/checkout.js b/chromebook-checkout-meteor/client/checkout.js
index f21d526..4397e06 100644
--- a/chromebook-checkout-meteor/client/checkout.js
+++ b/chromebook-checkout-meteor/client/checkout.js
@@ -11,32 +11,4 @@ Template.checkout.rendered = function() {
 mouseWheel: { deltaFactor: 40 },
 alwaysShowScrollbar: 2
 });
-}
-Object.defineProperty(window, "console", {
- value: console,
- writable: false,
- configurable: false
-});
-
-var i = 0;
-function showWarningAndThrow() {
- if (!i) {
- setTimeout(function () {
- console.log("%cWarning message", "font: 2em sans-serif; color: yellow; background-color: red;");
- }, 1);
- i = 1;
- }
- throw "Console is disabled";
-}
-
-var l, n = {
- set: function (o) {
- l = o;
- },
- get: function () {
- showWarningAndThrow();
- return l;
- }
- };
-Object.defineProperty(console, "_commandLineAPI", n);
-Object.defineProperty(console, "__commandLineAPI", n);
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/client/chromebook.js b/chromebook-checkout-meteor/client/chromebook.js
index 3d0da68..ccac13d 100644
--- a/chromebook-checkout-meteor/client/chromebook.js
+++ b/chromebook-checkout-meteor/client/chromebook.js
@@ -25,21 +25,10 @@ Template.chromebook.helpers({
 Template.chromebook.events({
 'click .available': function() {
- if ((Chromebooks.findOne({userid: Meteor.userId()}) === undefined)
- || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) {
- Chromebooks.update(this._id, {$set: {status: 1}});
- Chromebooks.update(this._id, {$set: {last_checkout: new Date()}});
- Chromebooks.update(this._id, {$set: {userid: Meteor.userId()}});
- Chromebooks.update(this._id, {$set: {user: Meteor.user().profile.name}});
- }
+ Meteor.call('availablechromebook', this);
 },
 'click .checkedout': function() {
- if (Meteor.userId() === this.userid) {
- Chromebooks.update(this._id, {$set: {status: 0}});
- Chromebooks.update(this._id, {$set: {last_checkout: null}});
- Chromebooks.update(this._id, {$set: {userid: null}});
- Chromebooks.update(this._id, {$set: {user: null}});
- }
+ Meteor.call('checkedoutchromebook', this);
 }
 });
diff --git a/chromebook-checkout-meteor/server/checkingout.js b/chromebook-checkout-meteor/server/checkingout.js
new file mode 100644
index 0000000..d4859fc
--- /dev/null
+++ b/chromebook-checkout-meteor/server/checkingout.js
@@ -0,0 +1,118 @@
+Meteor.methods({
+ availablechromebook: function(chrome) {
+ if ((Chromebooks.findOne({userid: Meteor.userId()}) === undefined)
+ || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) {
+ Chromebooks.update(chrome._id, {$set: {status: 1}});
+ Chromebooks.update(chrome._id, {$set: {last_checkout: new Date()}});
+ Chromebooks.update(chrome._id, {$set: {userid: Meteor.userId()}});
+ Chromebooks.update(chrome._id, {$set: {user: Meteor.user().profile.name}});
+ }
+ },
+ checkedoutchromebook: function(chrome) {
+ if (Meteor.userId() === chrome.userid) {
+ Chromebooks.update(chrome._id, {$set: {status: 0}});
+ Chromebooks.update(chrome._id, {$set: {last_checkout: null}});
+ Chromebooks.update(chrome._id, {$set: {userid: null}});
+ Chromebooks.update(chrome._id, {$set: {user: null}});
+ }
+ },
+ addchromebook: function(chromebook_number, chromebook_serial) {
+ var currNumbers = Chromebooks.find({ number: chromebook_number }).fetch();
+ var currSerials = Chromebooks.find({ serial: chromebook_serial }).fetch();
+
+ if (Roles.userIsInRole(Meteor.userId(), ['admin']) &&
+ !((currNumbers.length != 0)
+ || (currSerials.length != 0)
+ || (chromebook_number == "")
+ || (chromebook_serial == ""))) {
+ Chromebooks.insert({
+ "status": 0,
+ "userid": null,
+ "last_checkout": null,
+ "serial": chromebook_serial,
+ "number": chromebook_number
+ });
+ }
+ },
+ addcart: function(cart_number) {
+ var currCName = carts.find({ number: cart_number }).fetch()
+ if ((currCName.length == 0)
+ && (cart_number != "")
+ && ((Roles.userIsInRole(Meteor.userId(), ['admin'])))) {
+
+ carts.insert({
+ "status": 0,
+ "userid": null,
+ "last_checkout": null,
+ "number": cart_number
+ });
+ }
+ },
+
+ removechromebook: function(chrome) {
+ if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
+ Chromebooks.remove(chrome._id);
+ }
+ },
+ removecart: function(chrome) {
+ if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
+ carts.remove(chrome._id);
+ }
+ },
+ yieldchromebook: function(chrome) {
+ if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
+ if (chrome.status === 0) {
+ Chromebooks.update(chrome._id, {$set: {status: 2}});
+ Chromebooks.update(chrome._id, {$set: {user: null}});
+ }
+ else if (chrome.status ===1) {
+ Chromebooks.update(chrome._id, {$set: {status: 2}});
+ }
+ else {
+ Chromebooks.update(chrome._id, {$set: {status: 0}});
+ Chromebooks.update(chrome._id, {$set: {last_checkout: null}});
+ Chromebooks.update(chrome._id, {$set: {userid: null}});
+ }
+ }
+ else {
+ alert("Access Denied");
+ }
+ },
+ yieldcart: function(chrome) {
+ if (Roles.userIsInRole(Meteor.userId(), ['admin'])) {
+ if (chrome.status === 0) {
+ carts.update(chrome._id, {$set: {status: 2}});
+ }
+ else if (chrome.status === 1) {
+ carts.update(chrome._id, {$set: {status: 2}});
+ }
+ else {
+ carts.update(chrome._id, {$set: {status: 0}});
+ carts.update(chrome._id, {$set: {last_checkout: null}});
+ carts.update(chrome._id, {$set: {userid: null}});
+ carts.update(chrome._id, {$set: {user: null}});
+ }
+ }
+ else {
+ alert("Access Denied");
+ }
+ },
+ availablecart: function(chrome) {
+ if ((carts.findOne({userid: Meteor.userId()}) === undefined)
+ || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) {
+ carts.update(chrome._id, {$set: {status: 1}});
+ carts.update(chrome._id, {$set: {last_checkout: new Date()}});
+ carts.update(chrome._id, {$set: {userid: Meteor.userId()}});
+ carts.update(chrome._id, {$set: {user: Meteor.user().profile.name}});
+ }
+ },
+ checkedoutcart: function(chrome) {
+ if (Meteor.userId() === chrome.userid) {
+ carts.update(chrome._id, {$set: {status: 0}});
+ carts.update(chrome._id, {$set: {last_checkout: null}});
+ carts.update(chrome._id, {$set: {userid: null}});
+ carts.update(chrome._id, {$set: {user: null}});
+ }
+ }
+
+})
\ No newline at end of file
diff --git a/chromebook-checkout-meteor/server/users.js b/chromebook-checkout-meteor/server/users.js
index 175b00f..b591e9e 100644
--- a/chromebook-checkout-meteor/server/users.js
+++ b/chromebook-checkout-meteor/server/users.js
@@ -1,3 +1,9 @@
+if (Meteor.isClient) {
+
+Chromebooks.permit(['insert', 'update', 'remove']).never().apply();
+carts.permit(['insert', 'update', 'remove']).never().apply();
+};
+
 Meteor.publish('chromebook', function() {
 if (Roles.userIsInRole(this.userId, ['admin'])) {
@@ -16,18 +22,8 @@ Meteor.publish('carts', function() {
 }
 });
-Chromebooks.permit(['insert', 'update', 'remove']).ifHasRole('admin').apply();
-carts.permit(['insert', 'update', 'remove']).ifHasRole(['admin', 'teacher']).apply();
-
-
-
-/*if ( Check if Meteor.userId() != Current logged in user Meteor.userId if they update hack way ) {
- Chromebooks.update
-}
-*/
-
 var adminusers = [
- //Add all Users here
+ //Add all Admins here
 "mminer@bloomfield.org",
 "qalieh.yaman90@bloomfield.org",
 "ksjdragon@gmail.com",
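Review bot: The `if (Meteor.isClient)` block added at the top of this file never runs, because the file lives under `server/` where `Meteor.isClient` is always false, so the `.never()` rules it wraps are dead code; allow/deny rules are enforced on the server anyway, so the guard is the wrong way round and the two lines should be registered unconditionally, `Chromebooks.permit(['insert', 'update', 'remove']).never().apply();` and `carts.permit(['insert', 'update', 'remove']).never().apply();` (the `;` after the block's `}` is also stray). What currently blocks client-side writes is the removal of the `.ifHasRole(...)` allow rules in the second hunk, which only holds if the `insecure` package is not in the app — the package list is not visible in this diff, so that is worth confirming. A one-line comment above the rules, `// All writes go through the methods in checkingout.js; no direct client writes.`, would record why no allow rule exists.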