diff options
author | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
---|---|---|
committer | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
commit | 45b662a1ddb46a0f17fab7b2383c82aa1e1620ef (patch) | |
tree | cc7be215c7e7ebffd2597df70cf271b3dd435e1a /models/cardComments.js | |
parent | c04341f1ea5efe082bf7318cf9eb0e99b9b8374a (diff) | |
download | wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.gz wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.bz2 wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.zip |
Centralize all mutations at the model level
This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).
This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.
This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.
Diffstat (limited to 'models/cardComments.js')
-rw-r--r-- | models/cardComments.js | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/models/cardComments.js b/models/cardComments.js new file mode 100644 index 00000000..224deb03 --- /dev/null +++ b/models/cardComments.js @@ -0,0 +1,69 @@ +CardComments = new Mongo.Collection('card_comments'); + +CardComments.attachSchema(new SimpleSchema({ + boardId: { + type: String, + }, + cardId: { + type: String, + }, + // XXX Rename in `content`? `text` is a bit vague... + text: { + type: String, + }, + // XXX We probably don't need this information here, since we already have it + // in the associated comment creation activity + createdAt: { + type: Date, + denyUpdate: false, + }, + // XXX Should probably be called `authorId` + userId: { + type: String, + }, +})); + +CardComments.allow({ + insert(userId, doc) { + return allowIsBoardMember(userId, Boards.findOne(doc.boardId)); + }, + update(userId, doc) { + return userId === doc.userId; + }, + remove(userId, doc) { + return userId === doc.userId; + }, + fetch: ['userId', 'boardId'], +}); + +CardComments.helpers({ + user() { + return Users.findOne(this.userId); + }, +}); + +CardComments.hookOptions.after.update = { fetchPrevious: false }; + +CardComments.before.insert((userId, doc) => { + doc.createdAt = new Date(); + doc.userId = userId; +}); + +if (Meteor.isServer) { + CardComments.after.insert((userId, doc) => { + Activities.insert({ + userId, + activityType: 'addComment', + boardId: doc.boardId, + cardId: doc.cardId, + commentId: doc._id, + }); + }); + + CardComments.after.remove((userId, doc) => { + const activity = Activities.findOne({ commentId: doc._id }); + if (activity) { + Activities.remove(activity._id); + } + }); +} |