fixed little security problem, added icons to email ver. page

2025-01-10 12:14:22 +01:00 · 2014-06-03 14:34:06 +02:00 · 2014-06-03 14:34:06 +02:00 · 6ed12e98d8
commit 6ed12e98d8
parent da964a2a10
4 changed files with 20 additions and 9 deletions
--- a/.meteor/packages
+++ b/.meteor/packages
@ -4,7 +4,6 @@
 # but you can also edit it by hand.

 standard-app-packages
-insecure
 coffeescript
 bootstrap-3
 font-awesome
--- a/client/client.coffee
+++ b/client/client.coffee
@ -67,8 +67,10 @@ Router.map ->
 # You can't set a callback for when the user logs in using a cookie so...
 # Cheap ass work around for routing the user after he logs in with a token
 Deps.autorun ->
-  t = Router.current(); return unless t and t.lookupTemplate
-  if getUser() and t.lookupTemplate() is 'login' then Router.go 'home'
+  t = Router.current(); return unless getUser() and t and t.lookupTemplate
+  temp = t.lookupTemplate()
+  if temp is 'login' or temp is 'homepage' or temp is 'try'
+    Router.go 'home'

 # Client Templates

@ -108,6 +110,8 @@ Template.notelist.getDate = ->
  #day = new Date(@date).toLocaleString().split(' ')[0]
 Template.notelist.notes = ->
  d = notes.find({},{ sort: date: 1}).fetch()
+Template.notelist.notelist = ->
+  
 Template.notelist.events
  'click .close-note': -> notes.remove @_id
  'keypress #newNote': (e,template) ->
--- a/client/view/templates.html
+++ b/client/view/templates.html
@ -43,7 +43,7 @@

 <template name="notelist">
  <div class="list-group">
-    {{#each notes}}
+    {{#each notelist}}
    <a href="{{pathFor 'note'}}" class="note list-group-item">
      <span class="note-content">
        {{#if active}}<a role="button" href="{{pathFor 'notes'}}" class="edit-note close">
@ -145,10 +145,14 @@
    {{> error}}
    <input type="text" id="token-field" class="form-control" placeholder="Token">
    <div align="center" class="buttons">
-      <button type="button" class="btn btn-warning btn-ver" id="btn-resend">Resend Email</button>
-      <button type="button" class="btn btn-success btn-ver" id="btn-verify">Verify Token</button>
-      <button type="button" class="btn btn-danger btn-ver" id="btn-delete">Delete Account</button>
-      <br><button type="button" class="btn btn-primary btn-ver" id="btn-logout">Sign Out</button>
+      <button type="button" class="btn btn-warning btn-ver" id="btn-resend">
+        <i class="fa fa-refresh"></i> Resend</button>
+      <button type="button" class="btn btn-success btn-ver" id="btn-verify">
+        <i class="fa fa-check"></i> Verify Token</button>
+      <button type="button" class="btn btn-danger btn-ver" id="btn-delete">
+        <i class="fa fa-trash-o"></i> Delete Account</button>
+      <br><button type="button" class="btn btn-primary btn-ver" id="btn-logout">
+        <i class="fa fa-sign-out"></i> Sign Out</button>
    </div>
  </div>
 </template>
--- a/server/server.coffee
+++ b/server/server.coffee
@ -7,8 +7,8 @@ else
  console.log "Not Sending Emails, please set the MAIL_URL environment variable"

 notes = new Meteor.Collection "notes"
-
 getUser = (id) -> Meteor.users.findOne { _id: id }
+isUsers = (u,doc) -> u and doc.userId is u

 # Returns true if the user has verified at least one email address
 userValidated = (user) ->
@ -23,6 +23,10 @@ Meteor.publish "archive", ->
  if userValidated getUser(@userId)
    notes.find userId: @userId, archived: yes

+# Database Permissions
+# Allow all users to insert, update and remove their notes.
+notes.allow insert: isUsers, update: isUsers, remove: isUsers
+
 # Methods that the clients can invoke
 Meteor.methods
  resendConfirmEmail: ->