From e3e22eec686cf0ab7bb824c3e46fd5faf65ba255 Mon Sep 17 00:00:00 2001
From: Robert Baertsch
Date: Wed, 6 Jul 2016 20:35:25 -0700
Subject: [PATCH] fix signin bug, collaboration security
---
 webapp/.meteor/packages | 2 +-
 webapp/.meteor/versions | 3 ---
 webapp/client/newCase.js | 10 +++++++---
 webapp/lib/collections.js | 3 +++
 webapp/server/publications.js | 18 +++++++++++++-----
 webapp/server/seedData.js | 5 ++++-
 6 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/webapp/.meteor/packages b/webapp/.meteor/packages
index 23b3dee..6d8f223 100644
--- a/webapp/.meteor/packages
+++ b/webapp/.meteor/packages
@@ -36,11 +36,11 @@ momentjs:moment
 hive:facets
 accounts-ui
 accounts-password
-useraccounts:unstyled
 tomi:upload-server
 dbarrett:dropzonejs
 reactive-var
 ucscmedbook:api
 medbook:collaborations
+medbook:namespace
 meteortoys:allthings
 aldeed:template-extension
diff --git a/webapp/.meteor/versions b/webapp/.meteor/versions
index 153de46..aaad6ab 100644
--- a/webapp/.meteor/versions
+++ b/webapp/.meteor/versions
@@ -107,7 +107,6 @@ semantic:ui-data@2.1.8
 service-configuration@1.0.5
 session@1.1.1
 sha@1.0.4
-softwarerero:accounts-t9n@1.3.4
 spacebars@1.0.7
 spacebars-compiler@1.0.7
 srp@1.0.4
@@ -120,8 +119,6 @@ ucscmedbook:api@0.2.3
 ui@1.0.8
 underscore@1.0.4
 url@1.0.5
-useraccounts:core@1.14.2
-useraccounts:unstyled@1.14.2
 webapp@1.2.3
 webapp-hashing@1.0.5
 zimme:active-route@2.3.2
diff --git a/webapp/client/newCase.js b/webapp/client/newCase.js
index 4f4558d..d6b0393 100644
--- a/webapp/client/newCase.js
+++ b/webapp/client/newCase.js
@@ -49,6 +49,10 @@ Template.newCaseModal.onRendered(function() {
 if (form_vals.gender === 'unk') {
 delete form_vals.gender;
 }
+ // temporary *** FIX until we add share button
+ if (!form_vals.collaboration) {
+ form_vals.collaborations = ["ASK"];
+ }
 console.log('form_vals',form_vals);
 var ctype = "nsclc"; // Will get set by a pulldown to one of the ctype template keys.
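Review bot: In webapp/client/newCase.js the added guard tests `form_vals.collaboration` (singular) but assigns `form_vals.collaborations`, so unless the form has a field with the singular name the condition is always true and every new case is stamped `["ASK"]`, replacing any list the form supplied; the test should read `if (!form_vals.collaborations) {`. This default is set in client code, so it is a convenience and not an access control: the list that reaches the server is whatever the client sends, and the insert path (not visible in this hunk) should set or validate it against the caller's own collaborations. The `console.log('form_vals',form_vals)` context line prints the whole case form to the browser console and is worth removing once the share button lands. The enclosing onRendered callback starts and ends outside the hunk.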
@@ -60,7 +64,7 @@ Template.newCaseModal.onRendered(function() {
 var txt = "";
 // Add the standard keys which are the same for every cancer.
 for (var key in standard_keys) {
- txt = txt + "[" + key + ":" + standard_keys[key] + "]\n"
+ txt = txt + "[" + key + ":" + standard_keys[key] + "]\n";
 default_vals[key]=standard_keys[key];
 }
 // Now add the ctype-specific keys. Note that these can OVERRIDE the standard ones!
@@ -86,7 +90,7 @@ Template.newCaseModal.onRendered(function() {
 var ctype_templates = {
 "nsclc": ["Lung", "NSCLC"],
 "Melanoma": ["Race"]
- }
+ };
 // Note that these can OVERRIDE the standard keys!
 var subtemplates = {
@@ -101,7 +105,7 @@ Template.newCaseModal.onRendered(function() {
 "Race": {
 "race:":"White",
 }
- }
+ };
 function xlate(intext) {
 //var intext = (document.getElementById("text1")).value
diff --git a/webapp/lib/collections.js b/webapp/lib/collections.js
index d77f239..3810d03 100644
--- a/webapp/lib/collections.js
+++ b/webapp/lib/collections.js
@@ -29,6 +29,9 @@ Cases.attachSchema({
 denyInsert: true,
 optional: true
 },
+ collaborations: {
+ type: [String]
+ },
 // public information
 fullNarrative: { type: String, optional: true },
diff --git a/webapp/server/publications.js b/webapp/server/publications.js
index 59da307..eadb90e 100644
--- a/webapp/server/publications.js
+++ b/webapp/server/publications.js
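Review bot: In webapp/lib/collections.js the new `collaborations` field is required but accepts any array of strings, and nothing in this hunk limits who may write which values. Because searchCase now filters on this field, a case saved under a collaboration its author does not belong to becomes readable by that group, and a case saved with an empty list (if the schema lets one through) would match no `$in` query; consider `collaborations: { type: [String], minCount: 1 }` together with a server-side check on insert and update that every entry is one of the caller's own collaborations. Cases stored before this commit have no such field, so they will presumably drop out of search results and may fail validation on update until they are migrated. The attachSchema call starts and ends outside the hunk.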
@@ -1,17 +1,25 @@
 Meteor.publish("singleCase", function(cid) {
- var c = Cases.find({_id:cid});
- var p = Posts.find({caseId:cid});
- //user.ensureAccess(c); // throws "permission-denied" if no access
- return [ c, p ];
+ let user = MedBook.ensureUser(this.userId);
+
+ // throws "permission-denied" if no access
+ user.ensureAccess(Cases.findOne(cid));
+
+ return [
+ Cases.find(cid),
+ Posts.find({caseId:cid})
+ ];
 });
 Meteor.publish("searchCase", function(query) {
 let user = MedBook.ensureUser(this.userId);
 console.log('user',user);
+
+ // default to search all
 if (!query) query = {};
+ query.collaborations = { $in: user.getCollaborations() };
+ console.log("query:", query);
 var cases = Cases.find(query, { limit: 20 });
- //user.ensureAccess(cases); // throws "permission-denied" if no access
 return cases;
 });
diff --git a/webapp/server/seedData.js b/webapp/server/seedData.js
index 1493bfc..bf8daa0 100644
--- a/webapp/server/seedData.js
+++ b/webapp/server/seedData.js
@@ -5,5 +5,8 @@ Meteor.startup(function() {
 ];
 _.each(newCases, (c) => { Cases.insert(c); });
- }
+ };
+ Accounts.config({
+ forbidClientAccountCreation : false
+ });
 });
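Review bot: Neither publication in webapp/server/publications.js validates the type of its client-supplied argument, which weakens the access checks this hunk introduces. In singleCase, `cid` may arrive as a selector object instead of an id, in which case `Cases.findOne(cid)` authorizes only the first match while `Cases.find(cid)` and `Posts.find({caseId:cid})` publish every match; `check(cid, String);` as the first statement closes that. In searchCase the whole selector comes from the client, so a primitive `query` would not hold the `query.collaborations` assignment (silently, in non-strict code) and an object `query` passes any operator straight to `Cases.find`; add `check(query, Match.Optional(Object));` and preferably copy only an allowlist of searchable fields into a fresh selector before adding the `$in` filter. `check` and `Match` come from Meteor's `check` package, which I cannot confirm is in this app's package list from the lines shown. Separately, `user.ensureAccess` receives `undefined` when no case has that id, and the `console.log` calls write the user object and the search selector to the server log; both deserve a look.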
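Review bot: In webapp/server/seedData.js, `forbidClientAccountCreation : false` is already the accounts default, so the added `Accounts.config` call changes nothing except to state that anyone may self-register from the client. In a commit that tightens collaboration access this deserves an explicit decision: set it to `true` if accounts are meant to be provisioned, or keep it and add a comment such as `// open signup is intentional; access is gated by collaborations` if that is the intent, which is not visible here. The call would also be easier to find in an accounts configuration file than at the end of the seed-data startup block, and the `};` that now closes the preceding block (presumably an `if`) only adds an empty statement.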