jschaufuss/DiceCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added permission check to soft removes

Browse Source
This commit is contained in:
Thaum
2015-04-07 11:40:11 +00:00
parent 7d0993601f
commit 67f08fc60f
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
rpg-docs/lib/functions/parenting.js
View File

@@ -129,13 +129,24 @@ var cascadeSoftRemove = function(id, removedWithId){
});
};
var checkRemovePermission = function(collectionName, id, self){
check(collectionName, String);
check(id, String);
var collection = Mongo.Collection.get(collectionName);
var node = collection.findOne(id);
var charId = node && node.charId;
checkPermission(self.userId, charId);
};
Meteor.methods({
softRemoveNode: function(collectionName, id){
checkRemovePermission(collectionName, id, this);
var collection = Mongo.Collection.get(collectionName);
collection.softRemove(id);
cascadeSoftRemove(id, id);
},
restoreNode: function(collectionName, id){
checkRemovePermission(collectionName, id, this);
var collection = Mongo.Collection.get(collectionName);
collection.restore(id);
_.each(childCollections, function(treeCollection){