From 6c2e98e6d033fb5d98c25ff1e7fd1bad43276690 Mon Sep 17 00:00:00 2001
From: Yaman Qalieh
Date: Sat, 13 Aug 2016 09:02:04 -0400
Subject: [PATCH] add permissions and fix profile/publishing bugs
---
 hourglass/.meteor/packages | 1 -
 hourglass/.meteor/versions | 1 -
 hourglass/client/profile/profile.js | 2 +-
 hourglass/server/main.js | 16 +++++++++++-----
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/hourglass/.meteor/packages b/hourglass/.meteor/packages
index 5d82008..8b7faa7 100644
--- a/hourglass/.meteor/packages
+++ b/hourglass/.meteor/packages
@@ -17,7 +17,6 @@ standard-minifier-js@1.1.8 # JS minifier run for production mode es5-shim@4.6.13 # ECMAScript 5 compatibility for older browsers. ecmascript@0.5.7 # Enable ECMAScript2015+ syntax in app code -insecure@1.0.7 # Allow all DB writes from clients (for prototyping) fortawesome:fontawesome session proyk:meteor-cookies
diff --git a/hourglass/.meteor/versions b/hourglass/.meteor/versions
index 7358744..7d524cf 100644
--- a/hourglass/.meteor/versions
+++ b/hourglass/.meteor/versions
@@ -41,7 +41,6 @@ html-tools@1.0.10
 htmljs@1.0.10
 http@1.1.8
 id-map@1.0.8
-insecure@1.0.7
 iron:controller@1.0.12
 iron:core@1.0.11
 iron:dynamic-template@1.0.12
diff --git a/hourglass/client/profile/profile.js b/hourglass/client/profile/profile.js
index 8939454..a317043 100644
--- a/hourglass/client/profile/profile.js
+++ b/hourglass/client/profile/profile.js
@@ -95,7 +95,7 @@ Template.profile.helpers({
 avatar() {
 var dim = window.innerWidth * 1600 / 1920 * 0.16;
 if (Meteor.user().profile.avatar) {
- var pic = Meteor.user().profile.avatar;
+ var pic = Meteor.user().profile.avatar + ".png";
 } else {
 var pic = "Avatars/" + (Math.floor(Math.random() * (11 - 1)) + 1).toString(); + ".png";
 currentprofile = Meteor.user().profile;
diff --git a/hourglass/server/main.js b/hourglass/server/main.js
index 0c39c48..92a6b7b 100644
--- a/hourglass/server/main.js
+++ b/hourglass/server/main.js
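Review bot: In the `profile.js` hunk, the `else` branch of `avatar()` still reads `.toString(); + ".png";`, so the stray semicolon ends the assignment early and the generated default path has no extension, while the changed line now appends `.png` to a stored value. To keep both branches consistent, that context line should become `var pic = "Avatars/" + (Math.floor(Math.random() * (11 - 1)) + 1).toString() + ".png";`. The new line also assumes every stored `profile.avatar` is saved without an extension; a comment such as `// profile.avatar is stored without the ".png" suffix` would make that contract explicit. The helper continues past the end of the hunk, so how `pic` is used afterwards is not visible here.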
@@ -42,7 +42,7 @@ Meteor.publish('classes', function() {
 privacy: false
 }, {
 _id: {
- $in: this.user().profile.classes
+ $in: Meteor.users.findOne(this.userId).profile.classes
 }
 }]
 }, {
@@ -70,13 +70,15 @@ Meteor.publish('work', function() { } else { return work.find({ class: { - $in: this.user().profile.classes + $in: Meteor.users.findOne(this.userId).profile.classes } }); } }); +Security.permit(['insert', 'update', 'remove']).collections([schools, classes, work]).ifHasRole('superadmin'); + Meteor.methods({ 'genCode': function() { return 'xxxxxx'.replace(/[x]/g, _uuid4);
@@ -202,7 +204,7 @@ Meteor.methods({
 Meteor.update({_id: change._id}, {$set: {name: change.name, dueDate: change.dueDate, attachments: change.attachments, type: change.type}});
 }
 } else {
- throw "Unauthorized."
+ throw "Unauthorized.";
 }
 },
 'addComment': function(input) {
@@ -221,7 +223,7 @@ Meteor.methods({ var currentclass = classes.findOne({_id: workobject.class}); if (currentclass.subscribers.indexOf(Meteor.userId()) != -1 && ["confirmations", "reports", "done"].indexOf(input[1]) != -1) { - userindex = workobject[input[1]].indexOf(Meteor.userId()) + userindex = workobject[input[1]].indexOf(Meteor.userId()); if (userindex === -1) { workobject[input[1]] = workobject[input[1]].push(Meteor.userId()); } else {
@@ -245,6 +247,10 @@ Meteor.methods({
 var current = Meteor.user().profile;
 current.school = change.school;
 current.grade = change.grade;
+ current.classes = change.classes;
+ if (!current.classes) {
+ current.classes = [];
+ }
 current.description = change.description;
 current.avatar = change.avatar;
 current.banner = change.banner;
@@ -332,4 +338,4 @@ Meteor.methods({
 Roles.removeUsersToRoles(userId, ['admin']);
 }
 }
-});
\ No newline at end of file
+});
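Review bot: In the `classes` publication hunk (`@@ -42,7 +42,7 @@`), `Meteor.users.findOne(this.userId).profile.classes` throws when no user is logged in, because `findOne` finds no document for a null `userId`, and a user document without `profile.classes` hands `$in` a non-array. Unless a guard sits earlier in the function, which starts outside the hunk, resolve the list first with `var user = this.userId && Meteor.users.findOne(this.userId);` and `var ids = (user && user.profile && user.profile.classes) || [];`, then pass `$in: ids`. The same expression is added in the `work` publication hunk (`@@ -70,13 +70,15 @@`), where it sits in an `else` branch whose condition is not visible.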
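Review bot: In the `@@ -70,13 +70,15 @@` hunk, the added `Security.permit([...]).collections([schools, classes, work]).ifHasRole('superadmin')` chain stops without a terminal call. If `Security` is the ongoworks:security package, a rule only takes effect once the chain ends in `.apply()` (`.allowInClientCode()` in later releases), so as written no allow rule would be registered and, with `insecure` removed in this commit, client-side writes would be refused for superadmins as well. That fails closed, but it is not the permission the commit title describes; the line would end `.ifHasRole('superadmin').apply();`. The package is not added to `.meteor/packages` in this diff, so it is presumably already installed, which is worth confirming.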
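Review bot: In the profile-update hunk (`@@ -245,6 +247,10 @@`), `current.classes = change.classes` stores a client-supplied value unchecked, and both publications in this commit now use `profile.classes` to decide which `classes` and `work` documents a user receives. The list should be validated on the server before it is saved, for example by keeping only ids of classes whose `subscribers` include the caller: `current.classes = classes.find({_id: {$in: change.classes || []}, subscribers: Meteor.userId()}).map(function (c) { return c._id; });` (assuming `subscribers` is the membership source of truth, as the context of the `@@ -221,7 +223,7 @@` hunk suggests). Meteor also lets a logged-in user update their own `profile` field from the client by default, so a `Meteor.users.deny({update: function () { return true; }});` rule is needed for the server-side check to hold. The method starts and ends outside the hunk, so any validation of `change` done there is not visible.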