From aa70252e1751a77775aa89bc1f149059827ec3b3 Mon Sep 17 00:00:00 2001 From: willweinstein Date: Fri, 10 Mar 2017 17:18:23 -0500 Subject: [PATCH 01/12] restrict fields users can search --- server/publications.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/publications.js b/server/publications.js index ec84945..4cff6bd 100644 --- a/server/publications.js +++ b/server/publications.js @@ -9,5 +9,5 @@ Meteor.publish(null, function (){ return Meteor.roles.find(); }) Meteor.publish(null, function() { - return Meteor.users.find(); -}); \ No newline at end of file + return Meteor.users.find({}, {fields: {username: 1, _id: 1, profile: 1}}); +}); From 0ca12350c3d415aba9d4015536cb202a1d12384a Mon Sep 17 00:00:00 2001 From: willweinstein Date: Fri, 10 Mar 2017 17:19:27 -0500 Subject: [PATCH 02/12] removed insecurities i am no longer insecure about myself --- .meteor/packages | 1 - 1 file changed, 1 deletion(-) diff --git a/.meteor/packages b/.meteor/packages index ab92733..b41d700 100644 --- a/.meteor/packages +++ b/.meteor/packages @@ -18,7 +18,6 @@ es5-shim@4.6.15 # ECMAScript 5 compatibility for older browsers. ecmascript@0.6.3 # Enable ECMAScript2015+ syntax in app code shell-server@0.2.2 # Server-side component of the `meteor shell` command -insecure@1.0.7 # Allow all DB writes from clients (for prototyping) iron:router npm-bcrypt@0.9.2 stylus@2.513.9 From 628372a43358ec578a212d4d2e5c37a4836270f9 Mon Sep 17 00:00:00 2001 From: willweinstein Date: Fri, 10 Mar 2017 17:19:59 -0500 Subject: [PATCH 03/12] more insecurities --- .meteor/versions | 1 - 1 file changed, 1 deletion(-) diff --git a/.meteor/versions b/.meteor/versions index 628d531..dd93ea8 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -37,7 +37,6 @@ htmljs@1.0.11 http@1.2.11 ian:accounts-ui-bootstrap-3@1.2.89 id-map@1.0.9 -insecure@1.0.7 iron:controller@1.0.12 iron:core@1.0.11 iron:dynamic-template@1.0.12 From ce1b84d8edea9b146eb2f121bc4e835e448d28af Mon Sep 17 00:00:00 2001 
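Review bot: In the `server/publications.js` hunk of PATCH 01/12, the null publication still sends `username` and the whole `profile` object of every account to every connected client, logged in or not, because the handler never looks at `this.userId`. `profile` is also the one user field Meteor lets clients write to by default, so anything stored there should be treated as public and user-controlled. If the list is only meant for signed-in members, start the handler with `if (!this.userId) return this.ready();` and consider narrowing `profile: 1` to the sub-fields the UI actually shows.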
From: willweinstein
Date: Fri, 10 Mar 2017 17:25:01 -0500
Subject: [PATCH 04/12] legal writing to buildsessions
---
 server/user_methods.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/server/user_methods.js b/server/user_methods.js
index b19a542..5718f42 100644
--- a/server/user_methods.js
+++ b/server/user_methods.js
@@ -61,6 +61,20 @@ Meteor.methods({
 } else {
 Roles.removeUsersFromRoles(e.targetUserId, ['admin']);
 }
+ },
+ getUserName: function (e) {
+ return Meteor.users.findOne({_id: e.id}).username;
+ },
+ getTeam: function(e) {
+ return Meteor.users.findOne({_id: e.id}).username;
+ },
+ attendBuild: function(e) {
+ BuildSessions.update({_id: e}, {$addtoset: {attend: Meteor.userId()}});
+ },
+ removeAttend: function(e) {
+ BuildSessions.update({_id: e}, {$pull: {attend: Meteor.userId()}});
+ },
+ setTardy: function(e) {
+ BuildSessions.update({_id: e}, {$addToSet: {absent: Meteor.userId()}});
 }
-
-});
\ No newline at end of file
+});
From 0d0b1e4ea61756aac7d772c2ff39b52070b78dc7 Mon Sep 17 00:00:00 2001
From: willweinstein
Date: Fri, 10 Mar 2017 17:43:39 -0500
Subject: [PATCH 05/12] unecessary
---
 server/user_methods.js | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/server/user_methods.js b/server/user_methods.js
index 5718f42..0062ddb 100644
--- a/server/user_methods.js
+++ b/server/user_methods.js
@@ -62,12 +62,6 @@ Meteor.methods({
 Roles.removeUsersFromRoles(e.targetUserId, ['admin']);
 }
 },
- getUserName: function (e) {
- return Meteor.users.findOne({_id: e.id}).username;
- },
- getTeam: function(e) {
- return Meteor.users.findOne({_id: e.id}).username;
- },
 attendBuild: function(e) {
 BuildSessions.update({_id: e}, {$addtoset: {attend: Meteor.userId()}});
 },
From c7fb3d02bd380634acdb7e2e799bd9ec07cc6608 Mon Sep 17 00:00:00 2001
From: willweinstein
Date: Mon, 13 Mar 2017 14:46:46 -0400
Subject: [PATCH 06/12] someone is stupid
---
 server/user_methods.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
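Review bot: The new `attendBuild`, `removeAttend` and `setTardy` methods in PATCH 04/12 use the client-supplied `e` directly as the `_id` selector and never confirm that the caller is logged in. A value that is not a string is passed to Mongo as a query expression, so the update can land on a session the caller did not name, and an anonymous call stores `null` in `attend` or `absent`. Each method should begin with `check(e, String);` (assuming the `check` package is available to the app) and `if (!this.userId) throw new Meteor.Error(403, "Access denied");`. The same single-argument pattern is carried into PATCH 06/12 and PATCH 10/12, and the surrounding `Meteor.methods({` call opens outside this hunk.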
diff --git a/server/user_methods.js b/server/user_methods.js index 0062ddb..f5fba2a 100644 --- a/server/user_methods.js +++ b/server/user_methods.js @@ -63,7 +63,7 @@ Meteor.methods({ } }, attendBuild: function(e) { - BuildSessions.update({_id: e}, {$addtoset: {attend: Meteor.userId()}}); + BuildSessions.update({_id: e}, {$addToSet: {attend: Meteor.userId()}}); }, removeAttend: function(e) { BuildSessions.update({_id: e}, {$pull: {attend: Meteor.userId()}}); From 292c827dcfa7fcc0b38a2b736e537e28b6d872ff Mon Sep 17 00:00:00 2001 From: willweinstein Date: Mon, 13 Mar 2017 14:54:08 -0400 Subject: [PATCH 07/12] implemented secure writing --- client/buildSessions/build_list.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/buildSessions/build_list.js b/client/buildSessions/build_list.js index 6c3d5e0..208bbae 100644 --- a/client/buildSessions/build_list.js +++ b/client/buildSessions/build_list.js @@ -76,15 +76,15 @@ Template.buildSessionList.events({ // var eventstart = moment(this.date.date).add(moment.duration(moment(this.starttime, ["h:mm A"]).format("HH:mm"))); if(moment(this.start).diff(moment(), 'hours') Date: Mon, 13 Mar 2017 15:04:32 -0400 Subject: [PATCH 08/12] admin tardy lets admins mark other users as absent or not absent --- server/user_methods.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/server/user_methods.js b/server/user_methods.js index f5fba2a..d594e78 100644 --- a/server/user_methods.js +++ b/server/user_methods.js 
@@ -70,5 +70,19 @@ Meteor.methods({
 },
 setTardy: function(e) {
 BuildSessions.update({_id: e}, {$addToSet: {absent: Meteor.userId()}});
+ },
+ adminTardy: function(e) {
+ var loggedInUser = Meteor.user();
+ if (!loggedInUser || !Roles.userIsInRole(loggedInUser, ['admin'])) {
+ throw new Meteor.Error(403, "Access denied");
+ }
+ BuildSessions.update({_id: e.sessionId}, {$addToSet: {absent: e.userId}});
+ },
+ adminNotTardy: function(e) {
+ var loggedInUser = Meteor.user();
+ if (!loggedInUser || !Roles.userIsInRole(loggedInUser, ['admin'])) {
+ throw new Meteor.Error(403, "Access denied");
+ }
+ BuildSessions.update({_id: e.sessionId}, {$pull: {absent: e.userId}});
 }
 });
From a9bec05fbc010f339803ee91c41b0f3c36a314f2 Mon Sep 17 00:00:00 2001
From: willweinstein
Date: Mon, 13 Mar 2017 15:04:58 -0400
Subject: [PATCH 09/12] implements new admin functions so admins can mark people tardy
---
 client/buildSessions/build_list.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/buildSessions/build_list.js b/client/buildSessions/build_list.js
index 208bbae..8410f07 100644
--- a/client/buildSessions/build_list.js
+++ b/client/buildSessions/build_list.js
@@ -65,8 +65,8 @@ Template.buildSessionList.events({
 //if you click on a person
 'click li': function() {
 if(Roles.userIsInRole(Meteor.userId(), ['admin'])) {
- if(this.isAbsent) BuildSessions.update({_id: this.sessionid}, {$pull: {absent: this._id}});
- else BuildSessions.update({_id: this.sessionid}, {$addToSet: {absent: this._id}});
+ if(this.isAbsent) Meteor.call('adminNotTardy', {sessionId: this.sessionid, userId: this._id});
+ else Meteor.call('adminTardy', {sessionId: this.sessionid, userId: this._id});
 }
 },
 'click .not-coming': function(e) {
From 835c4fcf1c4da1e7280da2352d418d0c8984f69f Mon Sep 17 00:00:00 2001
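Review bot: `adminTardy` and `adminNotTardy` in PATCH 08/12 check the caller's role but not the shape of `e`, so `e.sessionId` and `e.userId` reach `BuildSessions.update` unvalidated. A non-string `sessionId` is interpreted as a query expression and any value at all can be written into `absent`; add `check(e, {sessionId: String, userId: String});` after the role check, assuming the `check` package is installed. The role guard is also duplicated verbatim in both methods and would read better as one small helper that throws the 403. Both methods sit inside a `Meteor.methods({` call that opens outside the hunk.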
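Review bot: In the `client/buildSessions/build_list.js` hunk of PATCH 09/12, both `Meteor.call` lines omit the callback, so a 403 from `adminTardy` or `adminNotTardy` is never shown to the user. The `Roles.userIsInRole` test kept around them only hides the action in the UI, while the server methods do the enforcing, which deserves a one-line comment such as `// UI hint only: the server methods re-check the admin role`. Passing `function (err) { if (err) console.error(err.reason); }` as the last argument would surface a rejection. The `'click li'` handler belongs to a `Template.buildSessionList.events({` call that starts outside the hunk.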
From: willweinstein Date: Mon, 13 Mar 2017 15:16:49 -0400 Subject: [PATCH 10/12] consolidated attendance removal --- server/user_methods.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/server/user_methods.js b/server/user_methods.js index d594e78..6c72836 100644 --- a/server/user_methods.js +++ b/server/user_methods.js @@ -66,10 +66,13 @@ Meteor.methods({ BuildSessions.update({_id: e}, {$addToSet: {attend: Meteor.userId()}}); }, removeAttend: function(e) { - BuildSessions.update({_id: e}, {$pull: {attend: Meteor.userId()}}); - }, - setTardy: function(e) { - BuildSessions.update({_id: e}, {$addToSet: {absent: Meteor.userId()}}); + var session = BuildSessions.findOne({_id: e}); + if(moment(session.start).diff(moment(), 'hours') Date: Mon, 13 Mar 2017 15:17:51 -0400 Subject: [PATCH 11/12] implemented new logic for not coming --- client/buildSessions/build_list.js | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/client/buildSessions/build_list.js b/client/buildSessions/build_list.js index 8410f07..5e61304 100644 --- a/client/buildSessions/build_list.js +++ b/client/buildSessions/build_list.js @@ -74,12 +74,7 @@ Template.buildSessionList.events({ //convert the startime to 24 hour time, make a duration out of that, add it to the start date. // var eventstart = moment(this.date.date).add(moment.duration(moment(this.starttime, ["h:mm A"]).format("HH:mm"))); - - if(moment(this.start).diff(moment(), 'hours') Date: Mon, 13 Mar 2017 15:32:21 -0400 Subject: [PATCH 12/12] lets people see roles mostly just for admins --- server/publications.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/publications.js b/server/publications.js index 4cff6bd..6056c83 100644 --- a/server/publications.js +++ b/server/publications.js 
@@ -9,5 +9,5 @@ Meteor.publish(null, function (){
 return Meteor.roles.find();
 })
 Meteor.publish(null, function() {
- return Meteor.users.find({}, {fields: {username: 1, _id: 1, profile: 1}});
+ return Meteor.users.find({}, {fields: {username: 1, _id: 1, profile: 1, roles: 1}});
 });
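Review bot: Adding `roles: 1` to this null publication sends every user's role assignments to every client, including ones that are not logged in, although the commit message says the field is mostly for admins. Nothing in the hunk limits who receives it, so the list of admin accounts becomes readable by anyone who opens the app. Publish `roles` only when the subscriber is an admin and leave the other fields as they are. The roles package normally already publishes the logged-in user's own roles, but that is not visible here, so confirm it before relying on it.

```javascript
Meteor.publish(null, function() {
    // Role assignments of other users are sent to admins only.
    var fields = {username: 1, _id: 1, profile: 1};
    if (Roles.userIsInRole(this.userId, ['admin'])) {
        fields.roles = 1;
    }
    return Meteor.users.find({}, {fields: fields});
});
```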