only allow needed write operations on collections

client/lib/session.js

@@ -72,7 +72,7 @@ setAdminMode = function() {
   });
 }
 
-setCurrentGame = function(gameName, onReadyPlayers=null) {
+setCurrentGame = function (gameName, onReadyPlayers=null) {
   if (debug >= 2) console.log('setCurrentGame', gameName);
   const gameID = Session.get('gameID');
   if (gameID) {
@@ -89,7 +89,7 @@ setCurrentGame = function(gameName, onReadyPlayers=null) {
   }
 }
 
-joinGame = function(gameName, onReadyPlayers=null) {
+joinGame = function (gameName, onReadyPlayers=null) {
   MeteorSubs.subscribe('game', gameName, {
     onReady: () => {
       if (debug >= 2) console.log('joinGame games onReady', gameName);

lib/collections.js

@@ -5,32 +5,30 @@ collections = function() {
   GamesHistory = new Mongo.Collection("gamesHistory");
   TurnsHistory = new Mongo.Collection("turnsHistory");
 
-  var allowFunctions = {
-    insert: function (userId, doc) {
+  Games.allow({
+    update: (userId, doc, fields, modifier) => {
       return true;
     },
-    update: function (userId, doc, fields, modifier) {
+  });
+
+  Players.allow({
+    insert: (userId, doc) => {
       return true;
     },
-    remove: function (userId, doc) {
+    update: (userId, doc, fields, modifier) => {
       return true;
     },
-  };
+    remove: (userId, doc) => {
+      return true;
+    },
+  });
 
-  var denyFunctions = {
-    insert: function(userId, doc) {
+  Players.deny({
+    insert: (userId, doc) => {
       doc.createdAt = new Date().valueOf();
       return false;
     },
-  };
-
-  Games.allow(allowFunctions);
-  Players.allow(allowFunctions);
-  GamesHistory.allow(allowFunctions);
-  TurnsHistory.allow(allowFunctions);
-
-  Games.deny(denyFunctions);
-  Players.deny(denyFunctions);
+  });
 }
 
 initialGame = function() {