fix signin bug, collaboration security

UCSC-MedBook · Jul 7, 2016 · e3e22ee · e3e22ee
1 parent 22ba6a1
commit e3e22ee
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 13 deletions.
diff --git a/webapp/.meteor/packages b/webapp/.meteor/packages
@@ -36,11 +36,11 @@ momentjs:moment
 hive:facets
 accounts-ui
 accounts-password
-useraccounts:unstyled
 tomi:upload-server
 dbarrett:dropzonejs
 reactive-var
 ucscmedbook:api
 medbook:collaborations
+medbook:namespace
 meteortoys:allthings
 aldeed:template-extension
diff --git a/webapp/.meteor/versions b/webapp/.meteor/versions
@@ -107,7 +107,6 @@ semantic:ui-data@2.1.8
 service-configuration@1.0.5
 session@1.1.1
 sha@1.0.4
-softwarerero:accounts-t9n@1.3.4
 spacebars@1.0.7
 spacebars-compiler@1.0.7
 srp@1.0.4
@@ -120,8 +119,6 @@ ucscmedbook:api@0.2.3
 ui@1.0.8
 underscore@1.0.4
 url@1.0.5
-useraccounts:core@1.14.2
-useraccounts:unstyled@1.14.2
 webapp@1.2.3
 webapp-hashing@1.0.5
 zimme:active-route@2.3.2
diff --git a/webapp/client/newCase.js b/webapp/client/newCase.js
@@ -49,6 +49,10 @@ Template.newCaseModal.onRendered(function() {
       if (form_vals.gender === 'unk') {
         delete form_vals.gender;
       }
+      // temporary *** FIX until we add share button
+      if (!form_vals.collaboration) {
+        form_vals.collaborations = ["ASK"];
+      }
       console.log('form_vals',form_vals);
 
       var ctype = "nsclc"; // Will get set by a pulldown to one of the ctype template keys.
@@ -60,7 +64,7 @@ Template.newCaseModal.onRendered(function() {
           var txt = "";
           // Add the standard keys which are the same for every cancer.
           for (var key in standard_keys) {
-          	txt = txt + "[" + key + ":" + standard_keys[key] + "]\n"
+          	txt = txt + "[" + key + ":" + standard_keys[key] + "]\n";
           	default_vals[key]=standard_keys[key];
           }
           // Now add the ctype-specific keys. Note that these can OVERRIDE the standard ones!
@@ -86,7 +90,7 @@ Template.newCaseModal.onRendered(function() {
       var ctype_templates = {
           "nsclc": ["Lung", "NSCLC"],
           "Melanoma": ["Race"]
-      }
+      };
 
       // Note that these can OVERRIDE the standard keys!
       var subtemplates = {
@@ -101,7 +105,7 @@ Template.newCaseModal.onRendered(function() {
           "Race": {
             "race:":"White",
           }
-      }
+      };
 
       function xlate(intext) {
           //var intext = (document.getElementById("text1")).value

diff --git a/webapp/lib/collections.js b/webapp/lib/collections.js
@@ -29,6 +29,9 @@ Cases.attachSchema({
     denyInsert: true,
     optional: true
   },
+  collaborations: {
+    type: [String]
+  },
 
   // public information
   fullNarrative: { type: String, optional: true },

diff --git a/webapp/server/publications.js b/webapp/server/publications.js
@@ -1,17 +1,25 @@
 Meteor.publish("singleCase", function(cid) {
-  var c = Cases.find({_id:cid});
-  var p = Posts.find({caseId:cid});
-  //user.ensureAccess(c); // throws "permission-denied" if no access
-  return [ c, p ];
+  let user = MedBook.ensureUser(this.userId);
+
+  // throws "permission-denied" if no access
+  user.ensureAccess(Cases.findOne(cid));
+
+  return [
+    Cases.find(cid),
+    Posts.find({caseId:cid})
+  ];
 });
 
 Meteor.publish("searchCase", function(query) {
   let user = MedBook.ensureUser(this.userId);
   console.log('user',user);
+
+  // default to search all
   if (!query) query = {};
 
+  query.collaborations = { $in: user.getCollaborations() };
+
   console.log("query:", query);
   var cases = Cases.find(query, { limit: 20 });
-  //user.ensureAccess(cases); // throws "permission-denied" if no access
   return cases;
 });
diff --git a/webapp/server/seedData.js b/webapp/server/seedData.js
@@ -5,5 +5,8 @@ Meteor.startup(function() {
     ];
 
     _.each(newCases, (c) => { Cases.insert(c); });
-  }
+  };
+  Accounts.config({
+    forbidClientAccountCreation : false
+  });
 });