Added Allow-Deny Rules
@@ -26,3 +26,6 @@ Schemas.Action = new SimpleSchema({
|
||||
});
|
||||
|
||||
Actions.attachSchema(Schemas.Action);
|
||||
|
||||
Actions.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Actions.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -66,3 +66,6 @@ Schemas.Attack = new SimpleSchema({
|
||||
});
|
||||
|
||||
Attacks.attachSchema(Schemas.Attack);
|
||||
|
||||
Attacks.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Attacks.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -26,3 +26,5 @@ Buffs.before.remove(function (userId, buff) {
|
||||
});
|
||||
});
|
||||
|
||||
Buffs.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Buffs.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -434,3 +434,52 @@ Characters.before.remove(function (userId, character) {
|
||||
Containers .remove({charId: character._id});
|
||||
}
|
||||
});
|
||||
|
||||
Characters.allow({
|
||||
insert: function (userId, doc) {
|
||||
// the user must be logged in, and the document must be owned by the user
|
||||
return (userId && doc.owner === userId);
|
||||
},
|
||||
update: function (userId, doc, fields, modifier) {
|
||||
// can only change documents you have write access to
|
||||
return doc.owner === userId ||
|
||||
_.contains(doc.writers, userId);
|
||||
},
|
||||
remove: function (userId, doc) {
|
||||
// can only remove your own documents
|
||||
return doc.owner === userId;
|
||||
},
|
||||
fetch: ["owner", "writers"]
|
||||
});
|
||||
|
||||
Characters.deny({
|
||||
update: function (userId, docs, fields, modifier) {
|
||||
// can't change owners
|
||||
return _.contains(fields, 'owner');
|
||||
}
|
||||
});
|
||||
|
||||
CHARACTER_SUBSCHEMA_ALLOW = {
|
||||
// the user must be logged in, and the user must be a writer of the character
|
||||
insert: function (userId, doc) {
|
||||
var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
|
||||
return ( userId && char.owner === userId || _.contains(char.writers, userId) );
|
||||
},
|
||||
update: function (userId, doc, fields, modifier) {
|
||||
var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
|
||||
return ( userId && char.owner === userId || _.contains(char.writers, userId) );
|
||||
},
|
||||
remove: function (userId, doc) {
|
||||
var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
|
||||
return ( userId && char.owner === userId || _.contains(char.writers, userId) );
|
||||
},
|
||||
fetch: ["charId"]
|
||||
};
|
||||
|
||||
CHARACTER_SUBSCHEMA_DENY = {
|
||||
update: function (userId, docs, fields, modifier) {
|
||||
// can't change character
|
||||
return _.contains(fields, 'charId');
|
||||
},
|
||||
fetch: ["charId"]
|
||||
};
|
||||
|
||||
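Review bot: The three `CHARACTER_SUBSCHEMA_ALLOW` callbacks read `char.owner` without checking that `Characters.findOne(doc.charId, …)` returned a document, so a write whose `charId` matches no character throws inside the rule instead of returning false. Because `&&` binds tighter than `||`, the `userId` test also guards only the owner comparison and not the `writers` lookup. A single file-local helper that returns false for a missing `userId` or a missing character fixes both and removes the triple copy. Separately, `Characters.deny` rejects only `owner` changes, so the `update` allow rule lets any user listed in `writers` edit the `writers` array itself; if sharing is meant to be owner-controlled, the deny rule should reject `writers` changes from non-owners as sketched below.

```javascript
// … unchanged: Characters.allow …

Characters.deny({
	update: function (userId, doc, fields, modifier) {
		// ownership never changes; the sharing list changes only by the owner
		if (_.contains(fields, 'owner')) return true;
		return _.contains(fields, 'writers') && doc.owner !== userId;
	},
	fetch: ["owner"]
});

// true only for a logged-in owner or writer of an existing character
var canWriteCharacter = function (userId, charId) {
	if (!userId) return false;
	var char = Characters.findOne( charId, { fields: {owner: 1, writers: 1} } );
	if (!char) return false;
	return char.owner === userId || _.contains(char.writers, userId);
};

CHARACTER_SUBSCHEMA_ALLOW = {
	insert: function (userId, doc) {
		return canWriteCharacter(userId, doc.charId);
	},
	update: function (userId, doc, fields, modifier) {
		return canWriteCharacter(userId, doc.charId);
	},
	remove: function (userId, doc) {
		return canWriteCharacter(userId, doc.charId);
	},
	fetch: ["charId"]
};
// … unchanged: CHARACTER_SUBSCHEMA_DENY …
```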
@@ -20,3 +20,6 @@ Schemas.Class = new SimpleSchema({
|
||||
});
|
||||
|
||||
Classes.attachSchema(Schemas.Class);
|
||||
|
||||
Classes.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Classes.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -90,3 +90,6 @@ Characters.after.insert(function (userId, char) {
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
Effects.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Effects.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -20,3 +20,6 @@ Schemas.Experience = new SimpleSchema({
|
||||
});
|
||||
|
||||
Experiences.attachSchema(Schemas.Experience);
|
||||
|
||||
Experiences.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Experiences.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -36,3 +36,6 @@ Features.after.update(function (userId, feature, fieldNames, modifier, options)
|
||||
Effects.update(effect._id, { $set: {charId: feature.charId, enabled: enabled, name: feature.name} });
|
||||
});
|
||||
}, {fetchPrevious: false});
|
||||
|
||||
Features.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Features.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -8,3 +8,6 @@ Schemas.Note = new SimpleSchema({
|
||||
});
|
||||
|
||||
Notes.attachSchema(Schemas.Note);
|
||||
|
||||
Notes.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Notes.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -24,3 +24,6 @@ Schemas.Proficiency = new SimpleSchema({
|
||||
});
|
||||
|
||||
Proficiencies.attachSchema(Schemas.Proficiency);
|
||||
|
||||
Proficiencies.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Proficiencies.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -32,3 +32,6 @@ SpellLists.before.remove(function (userId, list) {
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
SpellLists.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
SpellLists.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -20,3 +20,6 @@ Schemas.Spell = new SimpleSchema({
|
||||
});
|
||||
|
||||
Spells.attachSchema(Schemas.Spell);
|
||||
|
||||
Spells.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
Spells.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -33,3 +33,6 @@ TemporaryHitPoints.after.update(function (userId, thp, fieldNames, modifier, opt
|
||||
TemporaryHitPoints.remove(thp._id);
|
||||
}
|
||||
}, {fetchPrevious: false});
|
||||
|
||||
TemporaryHitPoints.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
TemporaryHitPoints.deny(CHARACTER_SUBSCHEMA_DENY);
|
||||
|
||||
@@ -39,3 +39,5 @@ Containers.before.remove(function (userId, container) {
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
Containers.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
|
||||
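Review bot: `Containers` receives the shared allow rule but no `Containers.deny(CHARACTER_SUBSCHEMA_DENY)`, unlike the other character sub-collections in this commit, and the `Items` hunk that follows has the same gap. The allow rule authorises an update against the document's current `charId` only, so without the deny rule a writer of one character can change `charId` to a character they have no write access to; the `Items.after.update` hook visible in the next hunk then appears to copy that `charId` onto the linked attacks. If moving containers and items between characters is intended, the update rule should additionally require write access to the destination character; otherwise add `Containers.deny(CHARACTER_SUBSCHEMA_DENY);` and `Items.deny(CHARACTER_SUBSCHEMA_DENY);`.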
@@ -55,3 +55,5 @@ Items.after.update(function (userId, item, fieldNames, modifier, options) {
|
||||
Attacks.update(attack._id, { $set: {charId: item.charId, enabled: item.equipped, name: item.name} });
|
||||
});
|
||||
}, {fetchPrevious: false});
|
||||
|
||||
Items.allow(CHARACTER_SUBSCHEMA_ALLOW);
|
||||
|
||||
@@ -27,4 +27,4 @@ Template.layout.events({
|
||||
"tap #charactersMenuButton": function(event, instance){
|
||||
Router.go("/");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||