From 7e1c11dcec4e4a406b3c856bacf24edb909ebdf2 Mon Sep 17 00:00:00 2001
From: Yaman Qalieh
Date: Fri, 18 Nov 2016 19:54:39 -0500
Subject: [PATCH] add banning
---
 hourglass/server/main.js | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/hourglass/server/main.js b/hourglass/server/main.js
index de66d24..efa059c 100644
--- a/hourglass/server/main.js
+++ b/hourglass/server/main.js
@@ -128,6 +128,13 @@ Meteor.publish('users', function() {
 // Allows only superadmins to edit collections from client
 Security.permit(['insert', 'update', 'remove']).collections([schools, classes, work]).ifHasRole('superadmin');
+Accounts.validateLoginAttempt(function(info) {
+ var user = info.user;
+
+ if(user.isBanned) throw new Meteor.Error(403, 'You are banned');
+
+});
+
 var errors = [
 "Success.", // 0
@@ -270,6 +277,10 @@ function securityCheck(checklist, input) {
 case 26:
 if (teachers.find({name: input.teacherName, school: input.school}).fetch().length > 0) error = 19;
 break;
+ // Not banning admin
+ case 27:
+ if (Roles.userIsInRole(input.userId, ['superadmin', 'admin'])) error = errors.length - 2;
+ break;
 }
 results.push(error);
 }
@@ -797,5 +808,21 @@ Meteor.methods({
 } else {
 throw new Meteor.Error(errors[security]);
 }
+ },
+ 'ban': function(studentId) {
+ var security = securityCheck([1, 27, true], {userId: studentId});
+ if (!security) {
+ Meteor.users.update({_id: studentId}, {$set: {banned: true}});
+ } else {
+ throw new Meteor.Error(errors[security]);
+ }
+ },
+ 'unban': function(studentId) {
+ var security = securityCheck([1, true], {userId: studentId});
+ if (!security) {
+ Meteor.users.update({_id: studentId}, {$set: {banned: false}});
+ } else {
+ throw new Meteor.Error(errors[security]);
+ }
 }
 });
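Review bot: The login hook reads `user.isBanned`, but the `ban` method in the last hunk writes `banned`, so the ban check can never fire. The callback also returns nothing, and Meteor treats a falsy return from a `validateLoginAttempt` callback as a rejected login, so as written every login would be refused. `info.user` is undefined when the attempt names an unknown account, which turns `user.isBanned` into a TypeError instead of the normal login error. I would write the body as `if (user && user.banned) throw new Meteor.Error(403, 'You are banned');` followed by `return true;`.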
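Review bot: In case 27, `error = errors.length - 2` picks its message by distance from the end of `errors`, while the neighbouring case uses a fixed index (`error = 19`). This commit adds no entry to `errors`, so the text a caller sees is whatever currently sits second from the end, and it will change silently when the array grows. A dedicated entry such as `"Admins cannot be banned."` (constructed wording), referenced by its fixed index, would keep the check stable. The check presumably also passes when `input.userId` matches no user, leaving `ban` to run an update that matches nothing; confirm that is intended. `securityCheck` starts and ends outside the hunk.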
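Review bot: `studentId` arrives from the client and goes straight into `Roles.userIsInRole` and the `{_id: studentId}` selector in both `ban` and `unban` with no type validation, so a non-string argument would be evaluated as a Mongo query rather than as an id. Start both methods with `check(studentId, String);` (assuming the `check` package is available; the app's package list is not visible here). Setting the flag also leaves the user's existing resume tokens in place, so an already connected session keeps working until it logs in again; consider clearing them in the same update, `{$set: {banned: true, 'services.resume.loginTokens': []}}`. The enclosing `Meteor.methods({...})` block starts outside the hunk, and what check 1 enforces about the caller cannot be confirmed from here.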