diff options
author | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
---|---|---|
committer | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
commit | 45b662a1ddb46a0f17fab7b2383c82aa1e1620ef (patch) | |
tree | cc7be215c7e7ebffd2597df70cf271b3dd435e1a /client/components/sidebar/sidebar.js | |
parent | c04341f1ea5efe082bf7318cf9eb0e99b9b8374a (diff) | |
download | wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.gz wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.bz2 wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.zip |
Centralize all mutations at the model level
This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).
This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.
This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.
Diffstat (limited to 'client/components/sidebar/sidebar.js')
-rw-r--r-- | client/components/sidebar/sidebar.js | 47 |
1 files changed, 5 insertions, 42 deletions
diff --git a/client/components/sidebar/sidebar.js b/client/components/sidebar/sidebar.js index eff0ef52..8c58c37e 100644 --- a/client/components/sidebar/sidebar.js +++ b/client/components/sidebar/sidebar.js @@ -109,14 +109,6 @@ EscapeActions.register('sidebarView', () => { return Sidebar && Sidebar.getView() !== defaultView; } ); -function getMemberIndex(board, searchId) { - for (let i = 0; i < board.members.length; i++) { - if (board.members[i].userId === searchId) - return i; - } - throw new Meteor.Error('Member not found'); -} - Template.memberPopup.helpers({ user() { return Users.findOne(this.userId); @@ -135,13 +127,8 @@ Template.memberPopup.events({ 'click .js-change-role': Popup.open('changePermissions'), 'click .js-remove-member': Popup.afterConfirm('removeMember', function() { const currentBoard = Boards.findOne(Session.get('currentBoard')); - const memberIndex = getMemberIndex(currentBoard, this.userId); - - Boards.update(currentBoard._id, { - $set: { - [`members.${memberIndex}.isActive`]: false, - }, - }); + const memberId = this.userId; + currentBoard.removeMember(memberId); Popup.close(); }), 'click .js-leave-member'() { @@ -209,26 +196,7 @@ Template.addMemberPopup.events({ 'click .js-select-member'() { const userId = this._id; const currentBoard = Boards.findOne(Session.get('currentBoard')); - const currentMembersIds = _.pluck(currentBoard.members, 'userId'); - if (currentMembersIds.indexOf(userId) === -1) { - Boards.update(currentBoard._id, { - $push: { - members: { - userId, - isAdmin: false, - isActive: true, - }, - }, - }); - } else { - const memberIndex = getMemberIndex(currentBoard, userId); - - Boards.update(currentBoard._id, { - $set: { - [`members.${memberIndex}.isActive`]: true, - }, - }); - } + currentBoard.addMember(userId); Popup.close(); }, }); @@ -240,14 +208,9 @@ Template.addMemberPopup.onRendered(function() { Template.changePermissionsPopup.events({ 'click .js-set-admin, click .js-set-normal'(event) { const currentBoard = Boards.findOne(Session.get('currentBoard')); - const memberIndex = getMemberIndex(currentBoard, this.userId); + const memberId = this.userId; const isAdmin = $(event.currentTarget).hasClass('js-set-admin'); - - Boards.update(currentBoard._id, { - $set: { - [`members.${memberIndex}.isAdmin`]: isAdmin, - }, - }); + currentBoard.setMemberPermission(memberId, isAdmin); Popup.back(1); }, }); |