deleteWork secure and schema update

2016-08-12 21:00:32 -04:00 · 2016-08-12 21:00:32 -04:00 · f2fa1fdc20
commit f2fa1fdc20
parent 0e571e8942
2 changed files with 12 additions and 5 deletions
--- a/hourglass/collections/main.js
+++ b/hourglass/collections/main.js
@ -29,6 +29,8 @@ work.schema = new SimpleSchema({
 	name: {type: String},
 	class: {type: String},
 	dueDate: {type: Date},
+	creator: {type: String},
+	comments: {type: [String]},
 	submittor: {type: String, optional: true},
 	confirmations: {type: [String], optional: true},
 	reports: {type: [String], optional: true},
--- a/hourglass/server/main.js
+++ b/hourglass/server/main.js
@ -178,15 +178,20 @@ Meteor.methods({
            input.reports = [];
            input.done = [];
            input.numberdone = 0;
+            input.creator = Meteor.userId();
+            input.comments = [];
            work.insert(input);
        }

    },
-    'deleteWork': function(workid) {
-        // Add security here
-        work.remove({
-            _id: workid
-        });
+    'deleteWork': function(workId) {
+        var currentclass = classes.findOne({_id: work.findOne({_id: workId}).class});
+        var authorized = currentclass.moderators.push(currentclass.admin);
+        if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) || authorized.indexOf(Meteor.userId()) != -1) {
+          work.remove({
+              _id: workid
+          });
+        }
    },
    'editProfile': function(change) {
        current = Meteor.user().profile;