2012-10-18 14:24:36 +09:00
|
|
|
Meteor.publish('currentUser', function() {
|
2012-10-19 15:53:26 +11:00
|
|
|
return Meteor.users.find(this.userId);
|
2012-10-18 14:24:36 +09:00
|
|
|
});
|
|
|
|
|
Meteor.publish('allUsers', function() {
|
|
|
|
|
if (this.userId && isAdminById(this.userId)) {
|
|
|
|
|
// if user is admin, publish all fields
|
2012-09-18 16:23:33 +09:00
|
|
|
return Meteor.users.find();
|
|
|
|
|
}else{
|
2012-10-18 14:24:36 +09:00
|
|
|
// else, filter out sensitive info
|
2012-10-19 15:53:26 +11:00
|
|
|
return Meteor.users.find({}, {fields: {
|
2012-10-08 10:44:13 +09:00
|
|
|
secret_id: false,
|
|
|
|
|
isAdmin: false,
|
|
|
|
|
emails: false,
|
|
|
|
|
notifications: false,
|
|
|
|
|
'profile.email': false,
|
|
|
|
|
'services.twitter.accessToken': false,
|
|
|
|
|
'services.twitter.accessTokenSecret': false,
|
|
|
|
|
'services.twitter.id': false,
|
|
|
|
|
'services.password': false
|
|
|
|
|
}});
|
2012-09-18 16:23:33 +09:00
|
|
|
}
|
2012-09-06 15:28:58 +09:00
|
|
|
});
|
2012-09-19 09:03:25 +09:00
|
|
|
|
|
|
|
|
Meteor.startup(function(){
|
|
|
|
|
Meteor.users.allow({
|
|
|
|
|
insert: function(userId, doc){
|
|
|
|
|
//TODO
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
, update: function(userId, docs, fields, modifier){
|
2012-11-01 10:27:34 +09:00
|
|
|
// console.log("updating");
|
|
|
|
|
// console.log(userId);
|
|
|
|
|
// console.log(docs);
|
|
|
|
|
// console.log('fields: '+fields);
|
2012-10-04 13:30:57 +09:00
|
|
|
// console.log(modifier); //uncommenting this crashes everything
|
2012-10-05 13:59:40 +09:00
|
|
|
if(isAdminById(userId) || (docs[0]._id && docs[0]._id==userId)){
|
2012-09-24 11:31:45 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2012-09-19 09:03:25 +09:00
|
|
|
}
|
|
|
|
|
, remove: function(userId, docs){
|
2012-10-05 13:59:40 +09:00
|
|
|
if(isAdminById(userId) || (docs[0]._id && docs[0]._id==userId)){
|
2012-09-24 11:31:45 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
2012-09-19 09:03:25 +09:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2012-08-22 23:24:33 -04:00
|
|
|
// Posts
|
|
|
|
|
|
2012-08-22 21:27:22 -04:00
|
|
|
Posts = new Meteor.Collection('posts');
|
|
|
|
|
|
2012-12-13 18:12:08 +11:00
|
|
|
// a single post, identified by id
|
|
|
|
|
Meteor.publish('post', function(id) {
|
|
|
|
|
return Posts.find(id);
|
|
|
|
|
});
|
2012-12-06 23:46:20 +11:00
|
|
|
|
|
|
|
|
Meteor.publish('paginatedPosts', function(find, options, limit) {
|
|
|
|
|
options = options || {};
|
|
|
|
|
options.limit = limit;
|
|
|
|
|
|
|
|
|
|
return Posts.find(find || {}, options);
|
|
|
|
|
});
|
|
|
|
|
|
2012-09-11 18:52:01 +10:00
|
|
|
// FIXME -- check all docs, not just the first one.
|
2012-08-22 23:24:33 -04:00
|
|
|
Meteor.startup(function(){
|
|
|
|
|
Posts.allow({
|
2012-09-06 15:28:58 +09:00
|
|
|
insert: function(userId, doc){
|
|
|
|
|
if(userId){
|
2012-09-11 18:52:01 +10:00
|
|
|
doc.userId = userId;
|
2012-09-06 15:28:58 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2012-09-06 11:34:05 +09:00
|
|
|
}
|
2012-09-19 10:05:02 +09:00
|
|
|
, update: function(userId, docs, fields, modifier){
|
2012-10-11 13:50:17 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId===userId)){
|
2012-09-06 11:09:24 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
2012-10-10 10:48:14 +09:00
|
|
|
throw new Meteor.Error(403, 'You do not have permission to edit this post');
|
2012-09-06 11:09:24 +09:00
|
|
|
return false;
|
|
|
|
|
}
|
2012-09-06 11:34:05 +09:00
|
|
|
, remove: function(userId, docs){
|
2012-10-11 13:50:17 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId===userId)){
|
2012-09-06 11:34:05 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
2012-10-10 10:48:14 +09:00
|
|
|
throw new Meteor.Error(403, 'You do not have permission to delete this post');
|
2012-09-13 11:57:35 +09:00
|
|
|
return false; }
|
2012-08-22 23:24:33 -04:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Comments
|
|
|
|
|
|
|
|
|
|
Comments = new Meteor.Collection('comments');
|
|
|
|
|
|
2012-10-10 11:03:09 +09:00
|
|
|
Meteor.publish('comments', function(query) {
|
|
|
|
|
return Comments.find(query);
|
2012-08-22 23:24:33 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
Meteor.startup(function(){
|
|
|
|
|
Comments.allow({
|
2012-09-06 15:28:58 +09:00
|
|
|
insert: function(userId, doc){
|
|
|
|
|
if(userId){
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2012-09-06 11:34:05 +09:00
|
|
|
}
|
|
|
|
|
, update: function(userId, docs, fields, modifier){
|
2012-10-11 13:50:17 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
|
2012-09-19 09:03:25 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
2012-10-10 10:48:14 +09:00
|
|
|
throw new Meteor.Error(403, 'You do not have permission to edit this comment');
|
2012-09-19 09:03:25 +09:00
|
|
|
return false;
|
2012-09-06 11:34:05 +09:00
|
|
|
}
|
|
|
|
|
, remove: function(userId, docs){
|
2012-10-11 13:50:17 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
|
2012-09-06 11:34:05 +09:00
|
|
|
return true;
|
2012-10-10 10:48:14 +09:00
|
|
|
throw new Meteor.Error(403, 'You do not have permission to delete this comment');
|
2012-09-06 11:34:05 +09:00
|
|
|
}
|
2012-09-27 23:18:02 -07:00
|
|
|
return false;
|
2012-09-06 11:34:05 +09:00
|
|
|
}
|
2012-08-30 21:35:48 -04:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2012-09-06 19:42:11 +09:00
|
|
|
// Settings
|
2012-09-06 11:34:05 +09:00
|
|
|
|
2012-09-06 19:42:11 +09:00
|
|
|
Settings = new Meteor.Collection('settings');
|
2012-09-06 11:34:05 +09:00
|
|
|
|
2012-09-06 19:42:11 +09:00
|
|
|
Meteor.publish('settings', function() {
|
|
|
|
|
return Settings.find();
|
2012-09-06 11:34:05 +09:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
Meteor.startup(function(){
|
2012-09-06 19:42:11 +09:00
|
|
|
Settings.allow({
|
2012-10-05 13:59:40 +09:00
|
|
|
insert: function(userId, docs){ return isAdminById(userId); }
|
|
|
|
|
, update: function(userId, docs, fields, modifier){ return isAdminById(userId); }
|
|
|
|
|
, remove: function(userId, docs){ return isAdminById(userId); }
|
2012-09-06 11:34:05 +09:00
|
|
|
});
|
2012-10-05 10:23:38 +09:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Notifications
|
|
|
|
|
|
|
|
|
|
Notifications = new Meteor.Collection('notifications');
|
|
|
|
|
|
|
|
|
|
Meteor.publish('notifications', function() {
|
2012-10-10 07:28:44 +09:00
|
|
|
// only publish notifications belonging to the current user
|
2012-11-19 15:41:44 +09:00
|
|
|
return Notifications.find({userId:this.userId});
|
2012-10-05 10:23:38 +09:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
Meteor.startup(function(){
|
|
|
|
|
Notifications.allow({
|
|
|
|
|
insert: function(userId, doc){
|
|
|
|
|
if(userId){
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
, update: function(userId, docs, fields, modifier){
|
2013-01-14 10:54:58 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
|
2012-10-05 10:23:38 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
, remove: function(userId, docs){
|
2013-01-14 10:54:58 +09:00
|
|
|
if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
|
2012-10-05 10:23:38 +09:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
});
|
2012-10-10 07:28:44 +09:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Categories
|
|
|
|
|
|
|
|
|
|
Categories = new Meteor.Collection('categories');
|
|
|
|
|
|
|
|
|
|
Meteor.publish('categories', function() {
|
|
|
|
|
return Categories.find();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
Meteor.startup(function(){
|
|
|
|
|
Categories.allow({
|
|
|
|
|
insert: function(userId, docs){ return isAdminById(userId); }
|
|
|
|
|
, update: function(userId, docs, fields, modifier){ return isAdminById(userId); }
|
|
|
|
|
, remove: function(userId, docs){ return isAdminById(userId); }
|
|
|
|
|
});
|
2012-09-06 11:34:05 +09:00
|
|
|
});
|
