implemented roles and added permission page for admins

README.md

@@ -13,3 +13,10 @@ mongodump -h localhost --port 3001 -d meteor
 mongorestore -h localhost --port 3001 -d meteor dump/meteor
 ````
 
+## FAQ
+### Set user as admin
+````
+$ meteor shell
+Roles.addUsersToRoles(Meteor.users.findOne({username: "myusername"}),"admin")
+````
+

client/templates/header.html

@@ -29,9 +29,6 @@
           <li>
             <a href="{{pathFor 'transportsPage'}}">Transport</a>
           </li>
-          <li>
-            <a href="{{pathFor 'teamsPage'}}">Teams</a>
-          </li>
           <li>
             <a href="{{pathFor 'mapPage'}}">Map</a>
           </li>
@@ -71,3 +68,12 @@
     </ul>
   </li>
 </template>
+
+<template name="_loginButtonsAdditionalLoggedInDropdownActions">
+    <a class="btn btn-default btn-block" href="{{pathFor 'teamsPage'}}">teams</a>
+    <a class="btn btn-default btn-block" href="{{pathFor 'transportsPage'}}">transports</a>
+    <br/>
+    {{#if isInRole 'admin'}}
+      <a class="btn btn-default btn-block" href="{{pathFor 'settingsPage'}}">Settings</a>
+    {{/if}}
+</template>

client/templates/helpers/contains.js

@@ -0,0 +1,7 @@
+UI.registerHelper('contains', function(value,list,options) {
+  if(_.contains(list, value)) {
+    return this;
+  } else {
+    return null;
+  }
+});

client/templates/pages/settings/index.html

@@ -0,0 +1,30 @@
+<template name="settingsPage">
+  <h3>Settings</h3>
+  {{#if isInRole 'admin'}}
+    <h4>Permissions</h4>
+    <table class="table table-condensed table-hover table-bordered">
+      <thead>
+        <tr>
+          <td>name</td>
+          {{#each roles}}
+          <td> {{this.name}} </td>
+          {{/each}}
+        </tr>
+      </thead>
+      <tbody>
+        {{#each users}}
+          <tr>
+            <td>{{this.username}}</td>
+            {{#each roles}}
+              <td>
+                <input type="checkbox" class="permission-toggle" role="{{this.name}}" userId="{{../_id}}" checked={{contains this.name ../roles }} />
+              </td>
+            {{/each}}
+          </tr>
+        {{/each}}
+      </tbody>
+    </table>
+  {{/if}}
+</template>
+
+

client/templates/pages/settings/index.js

@@ -0,0 +1,27 @@
+Template.settingsPage.helpers({
+  "roles": function () {
+    return Roles.getAllRoles();
+  },
+  "users": function() {
+    return Meteor.users.find({}, {fields: {_id: 1, username: 1, roles:1}});
+  }
+})
+Template.settingsPage.events({
+  "change .permission-toggle": function (event, template) {
+    if(event.target.checked) {
+      Meteor.call("addUserToRole", $(event.target).attr("userId"), $(event.target).attr("role"), function(error,data) {
+        if(error) {
+          Flash.danger(error);
+          event.target.checked = !event.target.checked;
+        }
+      });
+    } else {
+      Meteor.call("remUserFromRole", $(event.target).attr("userId"), $(event.target).attr("role"), function(error,data) {
+        if(error) {
+          Flash.danger(error);
+          event.target.checked = !event.target.checked;
+        }
+      });
+    }
+  }
+})

lib/collections/roles.js

@@ -0,0 +1,23 @@
+if(Meteor.isServer && (Roles.getAllRoles().fetch().length !== Meteor.settings.roles.length)) {
+  Meteor.startup(function () {
+    Meteor.roles.remove({});
+    _.each(Meteor.settings.roles, 
+      function(role) { 
+        Roles.createRole(role);
+      }
+    );
+  });
+}
+
+Meteor.methods({
+  "addUserToRole": function (user_id, role) {
+    validate.authorized(Meteor.user(), "admin");
+    var user = Meteor.users.findOne(user_id);
+    Roles.addUsersToRoles(user, role)
+  },
+  "remUserFromRole": function (user_id, role) {
+    validate.authorized(Meteor.user(), "admin");
+    var user = Meteor.users.findOne(user_id);
+    Roles.removeUsersFromRoles(user,role)
+  }
+})

lib/helpers/validate.js

@@ -66,5 +66,11 @@ validate = {
     if ( Object.prototype.toString.call(d) !== "[object Date]" )
       return false;
     return !isNaN(d.getTime());
+  },
+  authorized: function(user,required_permission) {
+    if (Roles.userIsInRole(user, required_permission)) {
+      return true;
+    }
+    throw new Meteor.Error(403, "Not authorized!");
   }
 }

lib/router.js

@@ -27,19 +27,11 @@ Router.route('/scan/bulk', {name: 'bulkPage'});
 Router.route('/scan', {name: 'scanPage'});
 
 Router.route('/transports/add', {name: 'addTransportPage'})
-Router.route('/transports', {
-  name: 'transportsPage',
-  waitOn: function () {
-    return Meteor.subscribe('transports');
-  }
-});
+Router.route('/transports', {name: 'transportsPage'});
 
 Router.route('/map', {name: 'mapPage'});
 Router.route('/generate', {name: 'generatePage'});
 Router.route('/teams/add', {name: 'addTeamPage'})
-Router.route('/teams', {
-  name: 'teamsPage',
-  waitOn: function () {
-    return Meteor.subscribe('teams');
-  }
-});
+Router.route('/teams', {name: 'teamsPage'});
+
+Router.route('/settings', {name: 'settingsPage'});

private/settings.json

@@ -4,6 +4,7 @@
     "map_file": "lagerplan.png",
     "ean_prefix": "202"
   },
+  "roles": ["admin","item-add","item-remove","item-relocate","transport-add","transport-remove","team-add","team-remove"],
   "preseed": {
     "items": {
       "amount": 0

server/publications.js

@@ -11,10 +11,12 @@ Meteor.publish('teams', function() {
   return Teams.find();
 });
 Meteor.publish("userData", function () {
-  if (this.userId) {
-    return Meteor.users.find({_id: this.userId},
-                             {fields: {'scans': 1}});
+  if (Roles.userIsInRole(this.userId, "admin")) {
+    return Meteor.users.find({},{fields: {_id:1, username: 1, roles: 1}});
   } else {
     this.ready();
   }
 });
+Meteor.publish(null, function (){
+  return Meteor.roles.find({})
+});