From 10be3d03e0e797ba9cf5616db0513ed52d389eda Mon Sep 17 00:00:00 2001 From: Oleksandr Zhurbenko Date: Mon, 27 Jul 2015 15:55:29 -0700 Subject: [PATCH] Added permissions for viewers and a presenter. Viewers can't retreive the total number of votes. Also, viewers can't retreive any data if they have voted already --- .../app/server/collection_methods/poll.coffee | 6 +++--- bigbluebutton-html5/app/server/publish.coffee | 8 ++++++-- bigbluebutton-html5/app/server/user_permissions.coffee | 4 +++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/bigbluebutton-html5/app/server/collection_methods/poll.coffee b/bigbluebutton-html5/app/server/collection_methods/poll.coffee index 0c996040ad..d451963281 100755 --- a/bigbluebutton-html5/app/server/collection_methods/poll.coffee +++ b/bigbluebutton-html5/app/server/collection_methods/poll.coffee @@ -21,8 +21,8 @@ @clearPollCollection = (meetingId, poll_id) -> if meetingId? and poll_id? and Meteor.Polls.findOne({"poll_info.meetingId": meetingId, "poll_info.poll.id": poll_id})? Meteor.Polls.remove({ - "poll_info.meetingId": meetingId, - "poll_info.poll.id": poll_id}, - Meteor.log.info "cleared Polls Collection (meetingId: #{meetingId}!") + "poll_info.meetingId": meetingId, + "poll_info.poll.id": poll_id}, + Meteor.log.info "cleared Polls Collection (meetingId: #{meetingId}!") else Meteor.Polls.remove({}, Meteor.log.info "cleared Polls Collection (all meetings)!") diff --git a/bigbluebutton-html5/app/server/publish.coffee b/bigbluebutton-html5/app/server/publish.coffee index 1b9b20cbb5..e73fd54843 100755 --- a/bigbluebutton-html5/app/server/publish.coffee +++ b/bigbluebutton-html5/app/server/publish.coffee @@ -58,8 +58,12 @@ Meteor.publish 'chat', (meetingId, userid, authToken) -> Meteor.publish 'bbb_poll', (meetingId, userid, authToken) -> if isAllowedTo('subscribePoll', meetingId, userid, authToken) - Meteor.log.info "publishing Poll for #{meetingId} #{userid} #{authToken}" - return Meteor.Polls.find() + if isAllowedTo('subscribeAnswers', meetingId, userid, authToken) + Meteor.log.info "publishing Poll for #{meetingId} #{userid} #{authToken}" + return Meteor.Polls.find({"poll_info.meetingId": meetingId, "poll_info.users": userid}) + else + return Meteor.Polls.find({"poll_info.meetingId": meetingId, "poll_info.users": userid}, + {fields: {"poll_info.poll.answers.number": 0}}) else @error new Meteor.Error(402, "The user was not authorized to subscribe for 'bbb_poll'") return diff --git a/bigbluebutton-html5/app/server/user_permissions.coffee b/bigbluebutton-html5/app/server/user_permissions.coffee index 12e954e2c9..152f3975fe 100755 --- a/bigbluebutton-html5/app/server/user_permissions.coffee +++ b/bigbluebutton-html5/app/server/user_permissions.coffee @@ -4,7 +4,7 @@ presenter = #poll subscribePoll: true - + subscribeAnswers: true # holds the values for whether the moderator user is allowed to perform an action (true) # or false if not allowed. Some actions have dynamic values depending on the current lock settings moderator = @@ -35,6 +35,7 @@ moderator = #poll subscribePoll: true + subscribeAnswers: false # holds the values for whether the viewer user is allowed to perform an action (true) @@ -73,6 +74,7 @@ viewer = (meetingId, userId) -> #poll subscribePoll: true + subscribeAnswers: false # carries out the decision making for actions affecting users. For the list of # actions and the default value - see 'viewer' and 'moderator' in the beginning of the file