- use an explicit "boards" domain: /api/boards/:boardId
- pass authToken as a request parameter: /api/boards/:boardId?authToken=:token
- in the future, same route can be used with authToken set in the Authenticate: header easily
This version includes a more complete selection of ES2015 polyfills
that I started used across the code base, for instance by replacing
`$.trim(str)` by `str.trim()`.
Since 07cc454 (ie the switch to Meteor 1.2) we includes the `es5-shim`
polyfill to support methods like `Array.prototype.forEach` in a
consistent way across all supported browsers (IE8+).
MDG recently released a blog post recommending the use of these native
methods instead of underscore [0]. We know follow this recommendation.
This commit also favor some ES6 features (argument defaults,
destructing assignment) in places where we didn’t use them.
[0]: http://info.meteor.com/blog/es2015-get-started
43de3b8 did prevent empty labels with the same color, but we also want
to prevent label with the same non-empty name and same color because
the rationale is identical.
This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).
This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.
This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.
