-
Notifications
You must be signed in to change notification settings - Fork 2
/
_colors.js
130 lines (100 loc) · 3.21 KB
/
_colors.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import {Colors, _Colors, AccessControl} from '../../lib/collections';
import App from '/lib/app';
import {Meteor} from 'meteor/meteor';
import {check} from 'meteor/check';
import _lgr from '/lib/logging/server/serverLogger';
const Lgr = new _lgr( __filename, 'warn' );
const nameModule = 'colors';
export default function () {
Meteor.methods({
'_colors.add'(data, _id) {
Lgr.a = '_colors.add';
const action = 'add';
const ap = AccessControl.findAccessPoint( nameModule, action, App.group );
const authorized = Roles.userIsInRole(
Meteor.userId(),
ap.trusted,
ap.group
);
Lgr.debug( 'User, ' + Meteor.userId() + ', wants to add a color.');
if ( authorized ) {
check(data, {
title: String,
age: Number,
content: String
});
check(_id, String);
let color = new Colors();
color._id = _id;
color.title = data.title;
color.content = data.content;
color.age = data.age;
color.createAt = new Date();
Lgr.verbose(`\nSaving : ${JSON.stringify(color)} \n`);
color.save();
return;
}
Lgr.warn(`Unauthorized attempt to add a color by user : ${Meteor.userId()}\n`);
throw new Meteor.Error(
' UNAUTHORIZED ACCESS ATTEMPT',
'You are not authorized for that action',
'endpoint: server/methods/_color.js');
},
'_colors.update'(data, _id) {
Lgr.a = '_colors.update';
const action = 'add';
check(data, {
title: String,
age: Number,
content: String
});
check(_id, String);
const ap = AccessControl.findAccessPoint( nameModule, action, App.group );
const authorized = Roles.userIsInRole(
Meteor.userId(),
ap.trusted,
ap.group
);
if ( authorized ) {
let record = Colors.findOne(_id);
record.fullText();
const allowedFields = [ 'title', 'age', 'content' ];
for (let key of allowedFields) {
record[key] = data[key];
}
if ( record.content.includes('crap')) {
throw new Meteor.Error(
' Remedy : cut the crap ',
'I knew it! It\'s YOUR fault -- again!',
'Yup. When it\'s cwappy, it\'s wee wee, wee wee cwappy');
}
Lgr.verbose(`\nSaving : ${JSON.stringify(record)} \n`);
record.save(allowedFields);
return;
}
Lgr.verbose(`Unauthorized attempt to edit color by user : ${Meteor.userId()}\n`);
throw new Meteor.Error(
' UNAUTHORIZED ACCESS ATTEMPT',
'You are not authorized for that action',
'endpoint: server/methods/_color.js');
},
'_colors.delete'(_id) {
check(_id, String);
Lgr.a = '_colors.delete';
Lgr.info(`\nDeleting : ${JSON.stringify(record)}\n`);
let record = Colors.findOne(_id);
record.remove();
},
'_colors.hide'(_id) {
check(_id, String);
Lgr.a = '_colors.hide';
let record = Colors.findOne(_id);
record.softRemove();
Lgr.info(`\nHidden : ${JSON.stringify(record)}\n`);
},
'_colors.wipe'() {
let result = _Colors.remove({});
return result;
}
});
}