From e0db87c1749acd9c9693170d0e729fb6bf4e8a83 Mon Sep 17 00:00:00 2001
From: Thaum <stefanzermatten@gmail.com>
Date: Mon, 16 Mar 2015 05:56:33 +0000
Subject: [PATCH] Added Allow-Deny Rules

---
 rpg-docs/Model/Character/Actions.js           |  3 ++
 rpg-docs/Model/Character/Attacks.js           |  3 ++
 rpg-docs/Model/Character/Buffs.js             |  2 +
 rpg-docs/Model/Character/Characters.js        | 49 +++++++++++++++++++
 rpg-docs/Model/Character/Classes.js           |  3 ++
 rpg-docs/Model/Character/Effects.js           |  3 ++
 rpg-docs/Model/Character/Experience.js        |  3 ++
 rpg-docs/Model/Character/Features.js          |  3 ++
 rpg-docs/Model/Character/Notes.js             |  3 ++
 rpg-docs/Model/Character/Proficiencies.js     |  3 ++
 rpg-docs/Model/Character/SpellLists.js        |  3 ++
 rpg-docs/Model/Character/Spells.js            |  3 ++
 .../Model/Character/TemporaryHitPoints.js     |  3 ++
 rpg-docs/Model/Inventory/Containers.js        |  2 +
 rpg-docs/Model/Inventory/Items.js             |  2 +
 rpg-docs/client/views/layout/layout.js        |  2 +-
 16 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/rpg-docs/Model/Character/Actions.js b/rpg-docs/Model/Character/Actions.js
index 69ab2d49..19ae7889 100644
--- a/rpg-docs/Model/Character/Actions.js
+++ b/rpg-docs/Model/Character/Actions.js
@@ -26,3 +26,6 @@ Schemas.Action = new SimpleSchema({
 });
 
 Actions.attachSchema(Schemas.Action);
+
+Actions.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Actions.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Attacks.js b/rpg-docs/Model/Character/Attacks.js
index 6d94466d..3ad567f9 100644
--- a/rpg-docs/Model/Character/Attacks.js
+++ b/rpg-docs/Model/Character/Attacks.js
@@ -66,3 +66,6 @@ Schemas.Attack = new SimpleSchema({
 });
 
 Attacks.attachSchema(Schemas.Attack);
+
+Attacks.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Attacks.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Buffs.js b/rpg-docs/Model/Character/Buffs.js
index 591d221c..022147e6 100644
--- a/rpg-docs/Model/Character/Buffs.js
+++ b/rpg-docs/Model/Character/Buffs.js
@@ -26,3 +26,5 @@ Buffs.before.remove(function (userId, buff) {
 	});
 });
 
+Buffs.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Buffs.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Characters.js b/rpg-docs/Model/Character/Characters.js
index f1ae372f..95be022d 100644
--- a/rpg-docs/Model/Character/Characters.js
+++ b/rpg-docs/Model/Character/Characters.js
@@ -434,3 +434,52 @@ Characters.before.remove(function (userId, character) {
 		Containers    .remove({charId: character._id});
 	}
 });
+
+Characters.allow({
+	insert: function (userId, doc) {
+		// the user must be logged in, and the document must be owned by the user
+		return (userId && doc.owner === userId);
+	},
+	update: function (userId, doc, fields, modifier) {
+		// can only change documents you have write access to
+		return doc.owner === userId ||
+			_.contains(doc.writers, userId);
+	},
+	remove: function (userId, doc) {
+		// can only remove your own documents
+		return doc.owner === userId;
+	},
+	fetch: ["owner", "writers"]
+});
+
+Characters.deny({
+	update: function (userId, docs, fields, modifier) {
+		// can't change owners
+		return _.contains(fields, 'owner');
+	}
+});
+
+CHARACTER_SUBSCHEMA_ALLOW = {
+	// the user must be logged in, and the user must be a writer of the character
+	insert: function (userId, doc) {
+		var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
+		return ( userId && char.owner === userId || _.contains(char.writers, userId) );
+	},
+	update: function (userId, doc, fields, modifier) {
+		var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
+		return ( userId && char.owner === userId || _.contains(char.writers, userId) );
+	},
+	remove: function (userId, doc) {
+		var char = Characters.findOne( doc.charId, { fields: {owner: 1, writers: 1} } );
+		return ( userId && char.owner === userId || _.contains(char.writers, userId) );
+	},
+	fetch: ["charId"]
+};
+
+CHARACTER_SUBSCHEMA_DENY = {
+	update: function (userId, docs, fields, modifier) {
+		// can't change character
+		return _.contains(fields, 'charId');
+	},
+	fetch: ["charId"]
+};
diff --git a/rpg-docs/Model/Character/Classes.js b/rpg-docs/Model/Character/Classes.js
index e7b3e37c..57412ea3 100644
--- a/rpg-docs/Model/Character/Classes.js
+++ b/rpg-docs/Model/Character/Classes.js
@@ -20,3 +20,6 @@ Schemas.Class = new SimpleSchema({
 });
 
 Classes.attachSchema(Schemas.Class);
+
+Classes.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Classes.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Effects.js b/rpg-docs/Model/Character/Effects.js
index 5afbf118..cc7f8b48 100644
--- a/rpg-docs/Model/Character/Effects.js
+++ b/rpg-docs/Model/Character/Effects.js
@@ -90,3 +90,6 @@ Characters.after.insert(function (userId, char) {
 		});
 	}
 });
+
+Effects.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Effects.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Experience.js b/rpg-docs/Model/Character/Experience.js
index 3affb1e3..1afa1b81 100644
--- a/rpg-docs/Model/Character/Experience.js
+++ b/rpg-docs/Model/Character/Experience.js
@@ -20,3 +20,6 @@ Schemas.Experience = new SimpleSchema({
 });
 
 Experiences.attachSchema(Schemas.Experience);
+
+Experiences.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Experiences.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Features.js b/rpg-docs/Model/Character/Features.js
index 782a6a8a..4898fe65 100644
--- a/rpg-docs/Model/Character/Features.js
+++ b/rpg-docs/Model/Character/Features.js
@@ -36,3 +36,6 @@ Features.after.update(function (userId, feature, fieldNames, modifier, options)
 		Effects.update(effect._id, { $set: {charId: feature.charId, enabled: enabled, name: feature.name} });
 	});
 }, {fetchPrevious: false});
+
+Features.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Features.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Notes.js b/rpg-docs/Model/Character/Notes.js
index 370509f8..83362042 100644
--- a/rpg-docs/Model/Character/Notes.js
+++ b/rpg-docs/Model/Character/Notes.js
@@ -8,3 +8,6 @@ Schemas.Note = new SimpleSchema({
 });
 
 Notes.attachSchema(Schemas.Note);
+
+Notes.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Notes.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Proficiencies.js b/rpg-docs/Model/Character/Proficiencies.js
index 8947e1ef..d31a87ac 100644
--- a/rpg-docs/Model/Character/Proficiencies.js
+++ b/rpg-docs/Model/Character/Proficiencies.js
@@ -24,3 +24,6 @@ Schemas.Proficiency = new SimpleSchema({
 });
 
 Proficiencies.attachSchema(Schemas.Proficiency);
+
+Proficiencies.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Proficiencies.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/SpellLists.js b/rpg-docs/Model/Character/SpellLists.js
index d2603c53..d5089f8f 100644
--- a/rpg-docs/Model/Character/SpellLists.js
+++ b/rpg-docs/Model/Character/SpellLists.js
@@ -32,3 +32,6 @@ SpellLists.before.remove(function (userId, list) {
 		});
 	}
 });
+
+SpellLists.allow(CHARACTER_SUBSCHEMA_ALLOW);
+SpellLists.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/Spells.js b/rpg-docs/Model/Character/Spells.js
index 6371e67c..0ac86408 100644
--- a/rpg-docs/Model/Character/Spells.js
+++ b/rpg-docs/Model/Character/Spells.js
@@ -20,3 +20,6 @@ Schemas.Spell = new SimpleSchema({
 });
 
 Spells.attachSchema(Schemas.Spell);
+
+Spells.allow(CHARACTER_SUBSCHEMA_ALLOW);
+Spells.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Character/TemporaryHitPoints.js b/rpg-docs/Model/Character/TemporaryHitPoints.js
index 0ba2b566..46387216 100644
--- a/rpg-docs/Model/Character/TemporaryHitPoints.js
+++ b/rpg-docs/Model/Character/TemporaryHitPoints.js
@@ -33,3 +33,6 @@ TemporaryHitPoints.after.update(function (userId, thp, fieldNames, modifier, opt
 		TemporaryHitPoints.remove(thp._id);
 	}
 }, {fetchPrevious: false});
+
+TemporaryHitPoints.allow(CHARACTER_SUBSCHEMA_ALLOW);
+TemporaryHitPoints.deny(CHARACTER_SUBSCHEMA_DENY);
diff --git a/rpg-docs/Model/Inventory/Containers.js b/rpg-docs/Model/Inventory/Containers.js
index e6b95f71..9efa69f6 100644
--- a/rpg-docs/Model/Inventory/Containers.js
+++ b/rpg-docs/Model/Inventory/Containers.js
@@ -39,3 +39,5 @@ Containers.before.remove(function (userId, container) {
 		});
 	}
 });
+
+Containers.allow(CHARACTER_SUBSCHEMA_ALLOW);
diff --git a/rpg-docs/Model/Inventory/Items.js b/rpg-docs/Model/Inventory/Items.js
index f65ca9aa..92602cc4 100644
--- a/rpg-docs/Model/Inventory/Items.js
+++ b/rpg-docs/Model/Inventory/Items.js
@@ -55,3 +55,5 @@ Items.after.update(function (userId, item, fieldNames, modifier, options) {
 		Attacks.update(attack._id, { $set: {charId: item.charId, enabled: item.equipped, name: item.name} });
 	});
 }, {fetchPrevious: false});
+
+Items.allow(CHARACTER_SUBSCHEMA_ALLOW);
diff --git a/rpg-docs/client/views/layout/layout.js b/rpg-docs/client/views/layout/layout.js
index 92b1839a..9c475472 100644
--- a/rpg-docs/client/views/layout/layout.js
+++ b/rpg-docs/client/views/layout/layout.js
@@ -27,4 +27,4 @@ Template.layout.events({
 	"tap #charactersMenuButton": function(event, instance){
 		Router.go("/");
 	}
-});
\ No newline at end of file
+});