This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and a white-list of allowed mutations, similar to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
// This collection shouldn't be manipulated directly but instead through the
// `UnsavedEdits` API on the client.
UnsavedEditCollection = new Mongo.Collection('unsaved-edits');

// Shape of a stored unsaved edit. All four keys are declared as `String`.
// `userId` is the ownership field: the server-side allow rules in this file
// compare it with the calling user, and the before-insert hook assigns it.
// NOTE(review): `value` has no length bound in this schema; consider whether
// a `max` is wanted, since the allow rules let clients write to it.
const unsavedEditSchema = new SimpleSchema({
  fieldName: { type: String },
  docId: { type: String },
  value: { type: String },
  userId: { type: String },
});

UnsavedEditCollection.attachSchema(unsavedEditSchema);
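if (Meteor.isServer) {
  /**
   * Allow-rule predicate shared by insert, update and remove: a client write
   * is permitted only when the caller owns the document and the write does
   * not touch the ownership field.
   *
   * @param {?string} userId - id of the calling user; falsy when the caller
   *   is not logged in.
   * @param {Object} doc - the document being inserted, or the stored
   *   document (limited to the `fetch` fields) for update/remove.
   * @param {string[]} [fieldNames=[]] - top-level fields being modified;
   *   Meteor passes this for `update` only, hence the empty default.
   * @returns {boolean} `true` when the write may proceed.
   */
  const isAuthor = (userId, doc, fieldNames = []) => {
    // Reject anonymous callers explicitly. Without this guard a logged-out
    // client (`userId === null`) would match any document whose `userId` is
    // also `null`, leaving the schema as the only thing preventing that.
    if (!userId) {
      return false;
    }
    // Ownership must match, and `userId` itself must not be rewritten, so a
    // document cannot be reassigned to another user through an update.
    return userId === doc.userId && fieldNames.indexOf('userId') === -1;
  };

  UnsavedEditCollection.allow({
    insert: isAuthor,
    update: isAuthor,
    remove: isAuthor,
    // The predicate reads only `doc.userId`, so that is the only field
    // fetched from the database for update/remove checks.
    fetch: ['userId'],
  });
}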
// Stamp each new document with the id of the user performing the insert,
// overwriting whatever `userId` the document carried. The allow rules in this
// file compare that field with the caller, so ownership comes from the hook's
// `userId` argument and not from the submitted document.
// NOTE(review): this hook is registered outside the `Meteor.isServer` guard;
// confirm it also runs server-side for client-initiated inserts.
UnsavedEditCollection.before.insert(function setOwner(currentUserId, newDoc) {
  newDoc.userId = currentUserId;
});