diff --git a/chromebook-checkout-meteor/.meteor/packages b/chromebook-checkout-meteor/.meteor/packages index 85f979f..b775eca 100644 --- a/chromebook-checkout-meteor/.meteor/packages +++ b/chromebook-checkout-meteor/.meteor/packages @@ -16,3 +16,4 @@ templates:tabs accounts-ui percolate:momentum maazalik:malihu-jquery-custom-scrollbar +ongoworks:security diff --git a/chromebook-checkout-meteor/.meteor/versions b/chromebook-checkout-meteor/.meteor/versions index 3919f17..ff01616 100644 --- a/chromebook-checkout-meteor/.meteor/versions +++ b/chromebook-checkout-meteor/.meteor/versions @@ -54,6 +54,7 @@ mrt:purecss@0.6.0 oauth@1.1.3 oauth2@1.1.2 observe-sequence@1.0.4 +ongoworks:security@1.0.1 ordered-dict@1.0.2 percolate:momentum@0.7.0 percolate:velocityjs@1.1.0 diff --git a/chromebook-checkout-meteor/collections/carts.js b/chromebook-checkout-meteor/collections/carts.js index 8e3892b..3df444c 100644 --- a/chromebook-checkout-meteor/collections/carts.js +++ b/chromebook-checkout-meteor/collections/carts.js @@ -1,13 +1,13 @@ carts = new Mongo.Collection("carts"); -carts.allow({ - insert: function (userId, doc) { - return Roles.userIsInRole(userId, ['admin']); - }, - update: function (userId, doc) { - return Roles.userIsInRole(userId, ['admin', 'teacher']; - }, - remove: function (userId, doc) { - return Roles.userIsInRole(userId, ['admin']); - }, - fetch: [] -}); \ No newline at end of file +// carts.allow({ +// insert: function (userId, doc) { +// return Roles.userIsInRole(userId, ['admin']); +// }, +// update: function (userId, doc) { +// return Roles.userIsInRole(userId, ['admin', 'teacher']; +// }, +// remove: function (userId, doc) { +// return Roles.userIsInRole(userId, ['admin']); +// }, +// fetch: [] +// }); \ No newline at end of file diff --git a/chromebook-checkout-meteor/collections/chromebooks.js b/chromebook-checkout-meteor/collections/chromebooks.js index 21a0a2d..9e25f11 100644 --- a/chromebook-checkout-meteor/collections/chromebooks.js +++ b/chromebook-checkout-meteor/collections/chromebooks.js @@ -1,19 +1,13 @@ Chromebooks = new Mongo.Collection("chromebook"); -Chromebooks.allow({ - insert: function (userId, doc) { - return Roles.userIsInRole(userId, ['admin']); - }, - update: function (userId, doc) { - if ((Chromebooks.findOne({userid: Meteor.userId()}) === undefined) - || (Roles.userIsInRole(Meteor.userId(), ['admin', 'teacher']))) { - Chromebooks.update(this._id, {$set: {status: 1}}); - Chromebooks.update(this._id, {$set: {last_checkout: new Date()}}); - Chromebooks.update(this._id, {$set: {userid: Meteor.userId()}}); - Chromebooks.update(this._id, {$set: {user: Meteor.user().profile.name}}); - } - }, - remove: function (userId, doc) { - return Roles.userIsInRole(userId, ['admin']); - }, - fetch: [] -}); \ No newline at end of file +// Chromebooks.allow({ +// insert: function (userId, doc) { +// return Roles.userIsInRole(userId, ['admin']); +// }, +// update: function (userId, doc) { +// return (userId != null); +// }, +// remove: function (userId, doc) { +// return Roles.userIsInRole(userId, ['admin']); +// }, +// fetch: [] +// }); \ No newline at end of file diff --git a/chromebook-checkout-meteor/server/users.js b/chromebook-checkout-meteor/server/users.js index c7eff2c..3f75751 100644 --- a/chromebook-checkout-meteor/server/users.js +++ b/chromebook-checkout-meteor/server/users.js @@ -11,10 +11,14 @@ Meteor.publish('chromebook', function() { }); Meteor.publish('carts', function() { - return carts.find(); + if (Roles.userIsInRole(this.userId, ['admin', 'teacher'])) { + return carts.find(); + } }); +Posts.permit(['insert', 'update', 'remove']).never(); var adminusers = [ + //Add all Users here "mminer@bloomfield.org", "qalieh.yaman90@bloomfield.org", "ksjdragon@gmail.com",