Add allows for ChannelMemberships

c89f4d84 · Manuel Gauto · a330c5ff · c89f4d84 · c89f4d84 · c89f4d84
Commit c89f4d84 authored Nov 18, 2014 by Manuel Gauto
--- a/.collections.js.swp
+++ b/.collections.js.swp
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -9,4 +9,5 @@ insecure
 iron:router
 ewall:foundation
 aldeed:collection2
+alanning:roles

--- a/.meteor/versions
+++ b/.meteor/versions
+accounts-base@1.1.2
+alanning:roles@1.2.13
 aldeed:collection2@2.2.0
 aldeed:simple-schema@1.0.3
 application-configuration@1.0.3
@@ -36,6 +38,7 @@ jquery@1.0.1
 json@1.0.1
 launch-screen@1.0.0
 livedata@1.0.11
+localstorage@1.0.1
 logging@1.0.5
 meteor-platform@1.2.0
 meteor@1.1.3
@@ -52,6 +55,7 @@ reactive-var@1.0.3
 reload@1.1.1
 retry@1.0.1
 routepolicy@1.0.2
+service-configuration@1.0.2
 session@1.0.4
 spacebars-compiler@1.0.3
 spacebars@1.0.3

--- a/collections.js
+++ b/collections.js
@@ -79,6 +79,81 @@ if(Meteor.isServer) {
  Meteor.publish('channelMemberships', function() {
    return ChannelMemberships.find({userId: Meteor.userId()}).fetch();
  });
+
+  //Allow Statements
+  Channels.allow({
+    insert: function(userId, channel) {
+      
+    },
+    remove: function(userId, channel) {
+      
+    },
+    update: function(userId, channel) {
+      
+    }
+  });
+  ChannelMemberships.allow({
+    /* Users should only be able to manage ChannelMemberships under these conditions
+     *    - It is their membership
+     *    - It is their channel
+     *    - They are an admin
+     */
+    insert: function(userId, channelMembership) {
+      //Check to see if they are an admin
+      if(Roles.userIsInRole(loggedInUser, 'admin')) {
+        return true;
+      }
+      //Check to see if it their channel
+      var channelObj = Channels.findOne(channelMembership.channelId);
+      var channelOwnerId = channelObj.createdBy;
+      if(channelOwnerId === userId) {
+        return true;
+      }
+      //Check if it is their membership
+      return (channelMembership.userId===userId);
+    },
+    remove: function(userId, channelMembership) {
+      //Check to see if they are an admin
+      if(Roles.userIsInRole(loggedInUser, 'admin')) {
+        return true;
+      }
+      //Check to see if it their channel
+      var channelObj = Channels.findOne(channelMembership.channelId);
+      var channelOwnerId = channelObj.createdBy;
+      if(channelOwnerId === userId) {
+        return true;
+      }
+      //Check if it is their membership
+      return (channelMembership.userId===userId);
+    
+    },
+    update: function(userId, channelMembership) {
+      //Check to see if they are an admin
+      if(Roles.userIsInRole(loggedInUser, 'admin')) {
+        return true;
+      }
+      //Check to see if it their channel
+      var channelObj = Channels.findOne(channelMembership.channelId);
+      var channelOwnerId = channelObj.createdBy;
+      if(channelOwnerId === userId) {
+        return true;
+      }
+      //Check if it is their membership
+      return (channelMembership.userId===userId);
+    }
+  });
+  Messages.allow({
+    insert: function(userId, message) {
+      return (message.senderId===userId);
+    },
+    remove: function(userId, message) {
+      return (message.senderId===userId);
+    },
+    update: function(userId, message) {
+      return (message.senderId===userId);
+    }
+  });
+
 }
 if(Meteor.isClient) {
  Meteor.subscribe('channels');