//--------------------------------------------------------------------------
// Collections Definitions
//
// Each line binds a Meteor collection under the given name. The names are
// assigned without `var`, presumably so that they stay visible to the other
// files of the app (confirm against the Meteor version in use).
//
// NOTE(review): this file only declares allow() rules for UsersDirectory,
// Meteor.users and Todos. No rules for AllTodos, Lists or CategoryIcons are
// visible here; whether clients can write to those collections depends on
// rules defined elsewhere and on whether the `insecure` package is installed.
// Verify before deploying.
AllTodos = new Meteor.Collection("allTodos");
Todos = new Meteor.Collection("todos");
Lists = new Meteor.Collection("lists");
UsersDirectory = new Meteor.Collection("usersDirectory");
CategoryIcons = new Meteor.Collection("categoryIcons");
//--------------------------------------------------------------------------
// Schemas
// task.text
// task.timestamp
// task.tags
// task.owner
// task.creator
// task.done
// task.star
// task.public
//--------------------------------------------------------------------------
// Collections Access/Deny Rules
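// Client-side write rules for the UsersDirectory collection.
//
// allow() callbacks decide whether a write that originates from a client is
// accepted; server-side code is not subject to them. The previous rules
// returned true unconditionally, so any connected client, signed in or not,
// could insert, change or delete directory entries.
//
// The rules below accept a write only when it comes from a signed-in
// connection (userId is set). This is a minimum gate only.
// TODO: decide who may edit which directory entry (for example admins only,
// or each user only for their own entry) and enforce it here.
UsersDirectory.allow({
  insert: function (userId) {
    return !!userId;
  },
  update: function (userId) {
    return !!userId;
  },
  remove: function (userId) {
    return !!userId;
  }
});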
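// Client-side write rules for Meteor.users (the accounts collection).
//
// SECURITY: user documents hold login material under the top-level
// `services` field (password verifier, resume tokens). The previous rules
// returned true for every insert, update and remove, so the client-side write
// path to account records was completely open. The rules below:
//   * reject every write from a connection that is not signed in, and
//   * reject any client update that touches `services`.
// This is a minimum gate only: a signed-in user can still modify or remove
// another user's record until the TODOs below are implemented.
Meteor.users.allow({
  insert: function (userId, todo) {
    // TODO: restrict adding of users to admins
    return !!userId;
  },
  update: function (userId, todos, fields, modifier) {
    // TODO: restrict updating of user to admins and self by default
    // TODO: restrict public updating to specific user profile items
    //
    // The original sketch for this rule allow-listed the fields "emails",
    // "profile", "profile.dropbox" and "username" and rejected an update when
    // `fields` contained anything else.
    // NOTE(review): `fields` carries top-level field names, so an entry such
    // as "profile.dropbox" would never match. Also, leaving "emails" writable
    // on other users' records affects account recovery. Pair the allow-list
    // with an ownership check before enabling it.
    if (!userId) {
      return false; // not signed in
    }
    if (fields.indexOf("services") !== -1) {
      return false; // credentials and login tokens are never client-writable
    }
    return true;
  },
  remove: function (userId) {
    // TODO: restrict removing of users to admins and self
    return !!userId;
  }
});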
//--------------------------------------------------------------------------
// Default Items
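// Client-side write rules for the Todos collection.
//
// The previous rules returned true unconditionally, so any connected client,
// signed in or not, could create, edit or delete any task. Each rule now
// requires a signed-in connection (userId is set). This is a minimum gate
// only: the per-owner and per-field restrictions in the TODOs below are
// still outstanding.
Todos.allow({
  insert: function (userId, todo) {
    // TODO: restrict adding a task, unless it has a creator
    // Intended rule from the original sketch:
    //   return userId && todo.owner === userId;
    return !!userId;
  },
  update: function (userId, todos, fields, modifier) {
    // TODO: restrict updating a task to owner
    // TODO: restrict updating tasks to specific fields
    //
    // The original sketch rejected the update when `fields` contained
    // anything outside "text", "tags", "timestamp", "public" and "done", with
    // an optional check that userId equals todo.owner.
    // NOTE(review): that list omits "star" although the schema comment lists
    // task.star, and it names "tags" twice. Confirm the list before enabling
    // it. "owner" and "creator" should stay off it so a client cannot
    // reassign a task.
    return !!userId;
  },
  remove: function (userId, todos) {
    // TODO: restrict removing task to owner
    return !!userId;
  }
});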
//--------------------------------------------------------------------------
// Client Side Helper Functions
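// Returns the name to show for a user document: user.profile.name when it is
// set, otherwise the placeholder "No Profile Name".
//
// `user` may be null or undefined (for example when nobody is signed in); the
// placeholder is returned in that case instead of throwing.
// The name is user-editable profile data, so render it through escaped
// template output rather than inserting it as raw HTML.
displayName = function (user) {
  if (user && user.profile && user.profile.name) {
    return user.profile.name;
  }
  return "No Profile Name";
};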
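// Returns the first e-mail address stored on a user document.
//
// Not every user record has an `emails` array (for example accounts created
// through an external login service), and `user` itself may be null. The
// original dereferenced user.emails[0] directly and threw in those cases.
// The placeholder "No Email Address" is returned instead, mirroring
// displayName's fallback.
displayEmail = function (user) {
  var emails = user && user.emails;
  if (emails && emails.length && emails[0] && emails[0].address) {
    return emails[0].address;
  }
  return "No Email Address";
};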