plz work security

chromebook-checkout-meteor/.meteor/packages

@@ -16,3 +16,4 @@ templates:tabs
 accounts-ui
 percolate:momentum
 maazalik:malihu-jquery-custom-scrollbar
+ongoworks:security

chromebook-checkout-meteor/.meteor/versions

@@ -54,6 +54,7 @@ mrt:purecss@0.6.0
 oauth@1.1.3
 oauth2@1.1.2
 observe-sequence@1.0.4
+ongoworks:security@1.0.1
 ordered-dict@1.0.2
 percolate:momentum@0.7.0
 percolate:velocityjs@1.1.0

chromebook-checkout-meteor/collections/carts.js

@@ -1,13 +1,13 @@
 carts = new Mongo.Collection("carts");
-carts.allow({
-  insert: function (userId, doc) {
-    return Roles.userIsInRole(userId, ['admin']);
-  },
-  update: function (userId, doc) {
-    return Roles.userIsInRole(userId, ['admin', 'teacher'];
-  },
-  remove: function (userId, doc) {
-    return Roles.userIsInRole(userId, ['admin']);
-  },
-  fetch: []
-});
+// carts.allow({
+//   insert: function (userId, doc) {
+//     return Roles.userIsInRole(userId, ['admin']);
+//   },
+//   update: function (userId, doc) {
+//     return Roles.userIsInRole(userId, ['admin', 'teacher'];
+//   },
+//   remove: function (userId, doc) {
+//     return Roles.userIsInRole(userId, ['admin']);
+//   },
+//   fetch: []
+// });

chromebook-checkout-meteor/collections/chromebooks.js

@@ -1,19 +1,13 @@
 Chromebooks = new Mongo.Collection("chromebook");
-Chromebooks.allow({
-  insert: function (userId, doc) {
-    return Roles.userIsInRole(userId, ['admin']);
-  },
-  update: function (userId, doc) {
-  	if ((Chromebooks.findOne({userid: Meteor.userId()}) === undefined) 
-    || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) {
-      Chromebooks.update(this._id, {$set: {status: 1}});
-      Chromebooks.update(this._id, {$set: {last_checkout: new Date()}});
-      Chromebooks.update(this._id, {$set: {userid: Meteor.userId()}});
-      Chromebooks.update(this._id, {$set: {user: Meteor.user().profile.name}});
-    }
-  },
-  remove: function (userId, doc) {
-    return Roles.userIsInRole(userId, ['admin']);
-  },
-  fetch: []
-});
+// Chromebooks.allow({
+//   insert: function (userId, doc) {
+//     return Roles.userIsInRole(userId, ['admin']);
+//   },
+//   update: function (userId, doc) {
+//     return (userId != null);
+//   },
+//   remove: function (userId, doc) {
+//     return Roles.userIsInRole(userId, ['admin']);
+//   },
+//   fetch: []
+// });

chromebook-checkout-meteor/server/users.js

@@ -11,10 +11,14 @@ Meteor.publish('chromebook', function() {
 });
 
 Meteor.publish('carts', function() {
-  return carts.find();
+  if (Roles.userIsInRole(this.userId, ['admin', 'teacher'])) {
+    return carts.find();
+  }
 });
 
+Posts.permit(['insert', 'update', 'remove']).never();
 var adminusers = [
+  //Add all Users here
   "mminer@bloomfield.org",
   "qalieh.yaman90@bloomfield.org",
   "ksjdragon@gmail.com",