From 6c2e98e6d033fb5d98c25ff1e7fd1bad43276690 Mon Sep 17 00:00:00 2001 From: Yaman Qalieh Date: Sat, 13 Aug 2016 09:02:04 -0400 Subject: [PATCH 1/2] add permissions and fix profile/publishing bugs --- hourglass/.meteor/packages | 1 - hourglass/.meteor/versions | 1 - hourglass/client/profile/profile.js | 2 +- hourglass/server/main.js | 16 +++++++++++----- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/hourglass/.meteor/packages b/hourglass/.meteor/packages index 5d82008..8b7faa7 100644 --- a/hourglass/.meteor/packages +++ b/hourglass/.meteor/packages @@ -17,7 +17,6 @@ standard-minifier-js@1.1.8 # JS minifier run for production mode es5-shim@4.6.13 # ECMAScript 5 compatibility for older browsers. ecmascript@0.5.7 # Enable ECMAScript2015+ syntax in app code -insecure@1.0.7 # Allow all DB writes from clients (for prototyping) fortawesome:fontawesome session proyk:meteor-cookies diff --git a/hourglass/.meteor/versions b/hourglass/.meteor/versions index 7358744..7d524cf 100644 --- a/hourglass/.meteor/versions +++ b/hourglass/.meteor/versions @@ -41,7 +41,6 @@ html-tools@1.0.10 htmljs@1.0.10 http@1.1.8 id-map@1.0.8 -insecure@1.0.7 iron:controller@1.0.12 iron:core@1.0.11 iron:dynamic-template@1.0.12 diff --git a/hourglass/client/profile/profile.js b/hourglass/client/profile/profile.js index 8939454..a317043 100644 --- a/hourglass/client/profile/profile.js +++ b/hourglass/client/profile/profile.js @@ -95,7 +95,7 @@ Template.profile.helpers({ avatar() { var dim = window.innerWidth * 1600 / 1920 * 0.16; if (Meteor.user().profile.avatar) { - var pic = Meteor.user().profile.avatar; + var pic = Meteor.user().profile.avatar + ".png"; } else { var pic = "Avatars/" + (Math.floor(Math.random() * (11 - 1)) + 1).toString(); + ".png"; currentprofile = Meteor.user().profile; diff --git a/hourglass/server/main.js b/hourglass/server/main.js index 0c39c48..92a6b7b 100644 --- a/hourglass/server/main.js +++ b/hourglass/server/main.js 
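Review bot: In the avatar() helper of profile.js, the else branch just below the changed line still reads `.toString(); + ".png";`, where the stray semicolon ends the statement, so the randomly chosen default is returned without the extension that the new line now appends to stored avatars. Removing that semicolon makes both branches return the same kind of path. The rest of the else branch is outside the hunk; if it saves `pic` back to the profile, store the name without ".png" so this line does not append it a second time.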
@@ -42,7 +42,7 @@ Meteor.publish('classes', function() { privacy: false }, { _id: { - $in: this.user().profile.classes + $in: Meteor.users.findOne(this.userId).profile.classes } }] }, { @@ -70,13 +70,15 @@ Meteor.publish('work', function() { } else { return work.find({ class: { - $in: this.user().profile.classes + $in: Meteor.users.findOne(this.userId).profile.classes } }); } }); +Security.permit(['insert', 'update', 'remove']).collections([schools, classes, work]).ifHasRole('superadmin'); + Meteor.methods({ 'genCode': function() { return 'xxxxxx'.replace(/[x]/g, _uuid4); @@ -202,7 +204,7 @@ Meteor.methods({ Meteor.update({_id: change._id}, {$set: {name: change.name, dueDate: change.dueDate, attachments: change.attachments, type: change.type}}); } } else { - throw "Unauthorized." + throw "Unauthorized."; } }, 'addComment': function(input) { @@ -221,7 +223,7 @@ Meteor.methods({ var currentclass = classes.findOne({_id: workobject.class}); if (currentclass.subscribers.indexOf(Meteor.userId()) != -1 && ["confirmations", "reports", "done"].indexOf(input[1]) != -1) { - userindex = workobject[input[1]].indexOf(Meteor.userId()) + userindex = workobject[input[1]].indexOf(Meteor.userId()); if (userindex === -1) { workobject[input[1]] = workobject[input[1]].push(Meteor.userId()); } else { @@ -245,6 +247,10 @@ Meteor.methods({ var current = Meteor.user().profile; current.school = change.school; current.grade = change.grade; + current.classes = change.classes; + if (!current.classes) { + current.classes = []; + } current.description = change.description; current.avatar = change.avatar; current.banner = change.banner; @@ -332,4 +338,4 @@ Meteor.methods({ Roles.removeUsersToRoles(userId, ['admin']); } } -}); \ No newline at end of file +}); From d5d2f842a3e0bac56d1dd3639f3dafbc89be1913 Mon Sep 17 00:00:00 2001 
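Review bot: `Meteor.users.findOne(this.userId).profile.classes` in the `classes` publication (and again in `work`, hunk -70) throws when the subscriber is not logged in, because `this.userId` is null and `findOne` then returns undefined. It also hands `$in` a non-array for any user whose profile has no `classes` yet, which the profile hunk in this same patch shows can happen. Whether an earlier guard exists cannot be seen from the hunk; if there is none, start each publication with `if (!this.userId) { return this.ready(); }` and read the list as `(user.profile && user.profile.classes) || []`.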
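Review bot: The added `Security.permit([...]).collections([schools, classes, work]).ifHasRole('superadmin')` chain in hunk -70 has no terminating call. If this is the ongoworks:security API, as it appears to be, a rule is only registered once the chain ends in `.apply()` (1.x) or `.allowInClientCode()` (2.x). With `insecure` removed the missing call fails closed, but superadmins would get no client-side writes either. The rule also leaves out `Meteor.users`, whose `profile` field Meteor lets the logged-in client update by default; since both publications authorise by `profile.classes`, a `Meteor.users.deny({ update: function() { return true; } });` belongs next to it.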
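Review bot: `current.classes = change.classes;` in hunk -245 copies a client-supplied value into the profile unchecked, while the `classes` and `work` publications in this patch use `profile.classes` to decide which private classes and work documents a user receives. Only school and grade appear to be validated further down in this method (outside the hunk), so a caller could list class ids they never joined, or send a non-array. Since `current` is already the stored profile, drop the assignment and keep only a default, `if (!Array.isArray(current.classes)) { current.classes = []; }`, leaving membership to the dedicated class methods. If the client must send the list, keep only ids of classes whose `subscribers` contains `Meteor.userId()`.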
From: Yaman Qalieh Date: Sat, 13 Aug 2016 13:32:40 -0400 Subject: [PATCH 2/2] web-beautify-js --- hourglass/server/main.js | 90 +++++++++++++++++++++++++++++++--------- 1 file changed, 70 insertions(+), 20 deletions(-) diff --git a/hourglass/server/main.js b/hourglass/server/main.js index 92a6b7b..22e34af 100644 --- a/hourglass/server/main.js +++ b/hourglass/server/main.js @@ -20,8 +20,8 @@ worktype = ["test", "quiz", "project", "normal"]; for (var i = 0; i < superadmins.length; i++) { var superadmin = superadmins[i]; if (Meteor.users.findOne({ - "services.google.email": superadmin - })) { + "services.google.email": superadmin + })) { var userId = Meteor.users.findOne({ "services.google.email": superadmin })._id; 
@@ -191,17 +191,46 @@ Meteor.methods({ var month = ref.getMonth + 1; ref = new Date(ref.getFullYear() + "-" + month.toString() + "-" + ref.getDate()).getTime(); - var currentclass = classes.findOne({_id: work.findOne({_id: workId}).class}); + var currentclass = classes.findOne({ + _id: work.findOne({ + _id: workId + }).class + }); var authorized = currentclass.moderators.push(currentclass.admin); if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin'])) { - Meteor.update({_id: change._id}, {$set: change}); + Meteor.update({ + _id: change._id + }, { + $set: change + }); } else if (authorized.indexOf(Meteor.userId()) != -1) { if (change.name.length <= 50 && worktype.indexOf(type) != -1) { - Meteor.update({_id: change._id}, {$set: {name: change.name, dueDate: change.dueDate, comments: change.comments, attachments: change.attachments, type: change.type}}); + Meteor.update({ + _id: change._id + }, { + $set: { + name: change.name, + dueDate: change.dueDate, + comments: change.comments, + attachments: change.attachments, + type: change.type + } + }); } - } else if (Meteor.userId() === work.findOne({_id: change._id}).creator) { + } else if (Meteor.userId() === work.findOne({ + _id: change._id + }).creator) { if (change.name.length <= 50 && worktype.indexOf(type) != -1 && input.dueDate.getTime() >= ref) { - Meteor.update({_id: change._id}, {$set: {name: change.name, dueDate: change.dueDate, attachments: change.attachments, type: change.type}}); + Meteor.update({ + _id: change._id + }, { + $set: { + name: change.name, + dueDate: change.dueDate, + attachments: change.attachments, + type: change.type + } + }); } } else { throw "Unauthorized."; 
@@ -209,31 +238,52 @@ Meteor.methods({ }, 'addComment': function(input) { var comment = input[0]; - var workobject = work.findOne({_id: input[1]}); - var currentclass = classes.findOne({_id: workobject.class}); + var workobject = work.findOne({ + _id: input[1] + }); + var currentclass = classes.findOne({ + _id: workobject.class + }); if (typeof comment === "string" && comment.length <= 200 && currentclass.subscribers.indexOf(Meteor.userId()) != -1 && currentclass.blockEdit.indexOf(Meteor.userId()) === -1) { var comments = workobject.comments.push(comment); - work.update({_id: input[1]}, {$set: {comments: comments}}); + work.update({ + _id: input[1] + }, { + $set: { + comments: comments + } + }); } }, 'toggleWork': function(input) { - var workobject = work.findOne({_id: input[0]}); - var currentclass = classes.findOne({_id: workobject.class}); - if (currentclass.subscribers.indexOf(Meteor.userId()) != -1 && - ["confirmations", "reports", "done"].indexOf(input[1]) != -1) { + var workobject = work.findOne({ + _id: input[0] + }); + var currentclass = classes.findOne({ + _id: workobject.class + }); + if (currentclass.subscribers.indexOf(Meteor.userId()) != -1 && ["confirmations", "reports", "done"].indexOf(input[1]) != -1) { userindex = workobject[input[1]].indexOf(Meteor.userId()); if (userindex === -1) { workobject[input[1]] = workobject[input[1]].push(Meteor.userId()); } else { workobject[input[1]] = workobject[input[1]].splice(userindex, 1); } - work.update({_id: input[1]}, {$set: workobject}); + work.update({ + _id: input[1] + }, { + $set: workobject + }); } }, 'deleteWork': function(workId) { - var currentclass = classes.findOne({_id: work.findOne({_id: workId}).class}); + var currentclass = classes.findOne({ + _id: work.findOne({ + _id: workId + }).class + }); var authorized = currentclass.moderators.push(currentclass.admin); if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) || authorized.indexOf(Meteor.userId()) != -1) { 
@@ -256,8 +306,8 @@ Meteor.methods({ current.banner = change.banner; current.preferences = change.preferences; if (schools.findOne({ - name: current.school - }) !== null && + name: current.school + }) !== null && Number.isInteger(current.grade) && current.grade >= 9 && current.grade <= 12) { @@ -310,8 +360,8 @@ Meteor.methods({ var index = profile.classes.indexOf(change); if (index >= 0) { if (classes.findOne({ - _id: change - }).admin != Meteor.userId()) { + _id: change + }).admin != Meteor.userId()) { profile.classes.splice(index, 1); Meteor.users.update({ _id: Meteor.userId()