
@dai-shi
Created March 28, 2016 09:09
diff --git a/imports/api/tasks.js b/imports/api/tasks.js
index 441feee..9d5b56a 100644
--- a/imports/api/tasks.js
+++ b/imports/api/tasks.js
@@ -36,12 +36,24 @@ Meteor.methods({
'tasks.remove'(taskId) {
check(taskId, String);
+ const task = Tasks.findOne(taskId);
+ if (task.private && task.owner !== Meteor.userId()) {
+ // If the task is private, make sure only the owner can delete it
+ throw new Meteor.Error('not-authorized');
+ }
+
Tasks.remove(taskId);
},
'tasks.setChecked'(taskId, setChecked) {
check(taskId, String);
check(setChecked, Boolean);
+ const task = Tasks.findOne(taskId);
+ if (task.private && task.owner !== Meteor.userId()) {
+ // If the task is private, make sure only the owner can check it off
+ throw new Meteor.Error('not-authorized');
+ }
+
Tasks.update(taskId, { $set: { checked: setChecked } });
},
'tasks.setPrivate'(taskId, setToPrivate) {
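Review bot: `Tasks.findOne(taskId)` returns undefined when no document matches, so the added `task.private` test in both `tasks.remove` and `tasks.setChecked` throws a TypeError for an unknown or already-removed id instead of a controlled error; add `if (!task) { throw new Meteor.Error('not-found'); }` before the ownership test. The guard also applies only when `task.private` is set, so a caller with no `Meteor.userId()` can still remove or check off any non-private task; if that is not intended, these methods should require a logged-in user as well. The same lookup-and-check lines are duplicated in the two methods and could move into one small helper, so the authorization rule has a single place to change. The `tasks.setPrivate` body continues outside the hunk.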