jschaufuss/DiceCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove server check overrides

Browse Source
This commit is contained in:
Andrew Zhu
2019-02-07 15:45:45 -08:00
parent 40c54524a7
commit 2f04d9ec1c
2 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/lib/constants/characterAssetAllowDeny.js
View File

@@ -12,20 +12,19 @@ Meteor.methods({
CHARACTER_SUBSCHEMA_ALLOW = {
// the user must be logged in, and the user must be a writer of the character
// or we must be the server
insert: function(userId, doc) {
var char = Characters.findOne(
doc.charId,
{fields: {owner: 1, writers: 1}}
);
return (userId && char.owner === userId || _.contains(char.writers, userId) || Meteor.isServer);
return (userId && char.owner === userId || _.contains(char.writers, userId));
},
update: function(userId, doc, fields, modifier) {
var char = Characters.findOne(
doc.charId,
{fields: {owner: 1, writers: 1}}
);
return (userId && char.owner === userId || _.contains(char.writers, userId) || Meteor.isServer);
return (userId && char.owner === userId || _.contains(char.writers, userId));
},
remove: function(userId, doc) {
var char = Characters.findOne(
@@ -33,7 +32,7 @@ CHARACTER_SUBSCHEMA_ALLOW = {
{fields: {owner: 1, writers: 1}}
);
if (!char) return true;
return userId && char.owner === userId || _.contains(char.writers, userId) || Meteor.isServer;
return userId && char.owner === userId || _.contains(char.writers, userId);
},
fetch: ["charId"],
};

3
app/lib/functions/parenting.js
View File

@@ -132,9 +132,6 @@ makeParent = function(collection, donatedKeys){
};
var checkPermission = function(userId, charId){
if (Meteor.isServer) { // we always trust server
return true;
}
var char = Characters.findOne(charId, {fields: {owner: 1, writers: 1}});
if (!char)
throw new Meteor.Error("Access Denied, no charId",