kjao/archive
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deleteWork secure and schema update

Browse Source
This commit is contained in:
yamanq 2016-08-12 21:00:32 -04:00
parent 0e571e8942
commit f2fa1fdc20
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hourglass/collections/main.js
View File

@ -29,6 +29,8 @@ work.schema = new SimpleSchema({
name: {type: String}, name: {type: String},
class: {type: String}, class: {type: String},
dueDate: {type: Date}, dueDate: {type: Date},
creator: {type: String},
comments: {type: [String]},
submittor: {type: String, optional: true}, submittor: {type: String, optional: true},
confirmations: {type: [String], optional: true}, confirmations: {type: [String], optional: true},
reports: {type: [String], optional: true}, reports: {type: [String], optional: true},

9
hourglass/server/main.js
View File

@ -178,15 +178,20 @@ Meteor.methods({
input.reports = []; input.reports = [];
input.done = []; input.done = [];
input.numberdone = 0; input.numberdone = 0;
input.creator = Meteor.userId();
input.comments = [];
work.insert(input); work.insert(input);
} }
}, },
'deleteWork': function(workid) { 'deleteWork': function(workId) {
// Add security here var currentclass = classes.findOne({_id: work.findOne({_id: workId}).class});
var authorized = currentclass.moderators.push(currentclass.admin);
if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin']) || authorized.indexOf(Meteor.userId()) != -1) {
work.remove({ work.remove({
_id: workid _id: workid
}); });
}
}, },
'editProfile': function(change) { 'editProfile': function(change) {
current = Meteor.user().profile; current = Meteor.user().profile;