Added permission check to soft removes
@@ -129,13 +129,24 @@ var cascadeSoftRemove = function(id, removedWithId){
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
var checkRemovePermission = function(collectionName, id, self){
|
||||||
|
check(collectionName, String);
|
||||||
|
check(id, String);
|
||||||
|
var collection = Mongo.Collection.get(collectionName);
|
||||||
|
var node = collection.findOne(id);
|
||||||
|
var charId = node && node.charId;
|
||||||
|
checkPermission(self.userId, charId);
|
||||||
|
};
|
||||||
|
|
||||||
Meteor.methods({
|
Meteor.methods({
|
||||||
softRemoveNode: function(collectionName, id){
|
softRemoveNode: function(collectionName, id){
|
||||||
|
checkRemovePermission(collectionName, id, this);
|
||||||
var collection = Mongo.Collection.get(collectionName);
|
var collection = Mongo.Collection.get(collectionName);
|
||||||
collection.softRemove(id);
|
collection.softRemove(id);
|
||||||
cascadeSoftRemove(id, id);
|
cascadeSoftRemove(id, id);
|
||||||
},
|
},
|
||||||
restoreNode: function(collectionName, id){
|
restoreNode: function(collectionName, id){
|
||||||
|
checkRemovePermission(collectionName, id, this);
|
||||||
var collection = Mongo.Collection.get(collectionName);
|
var collection = Mongo.Collection.get(collectionName);
|
||||||
collection.restore(id);
|
collection.restore(id);
|
||||||
_.each(childCollections, function(treeCollection){
|
_.each(childCollections, function(treeCollection){
|
||||||
|
|||||||
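Review bot: `checkRemovePermission` resolves a client-supplied `collectionName` with `Mongo.Collection.get` and still calls `checkPermission(self.userId, charId)` when the lookup found nothing, so the authorization decision can be made on an `undefined` `charId`. `checkPermission` is defined outside this hunk, so whether it rejects an undefined id cannot be confirmed here; the helper should fail closed on its own with `if (!collection) throw new Meteor.Error("invalid-collection");` and `if (!node) throw new Meteor.Error("not-found");` before the permission call. Because the methods accept any registered collection name, `collectionName` should also be restricted to the collections that are meant to be soft-removable (the `childCollections` list used in `restoreNode` looks like a candidate, though its contents are not visible here), and documents in a collection without a `charId` field need an explicit decision. The body of `restoreNode` continues past the end of the hunk.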