diff options
author | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
---|---|---|
committer | Maxime Quandalle <maxime@quandalle.com> | 2015-09-08 20:19:42 +0200 |
commit | 45b662a1ddb46a0f17fab7b2383c82aa1e1620ef (patch) | |
tree | cc7be215c7e7ebffd2597df70cf271b3dd435e1a /sandstorm.js | |
parent | c04341f1ea5efe082bf7318cf9eb0e99b9b8374a (diff) | |
download | wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.gz wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.tar.bz2 wekan-45b662a1ddb46a0f17fab7b2383c82aa1e1620ef.zip |
Centralize all mutations at the model level
This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).
This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.
This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.
Diffstat (limited to 'sandstorm.js')
-rw-r--r-- | sandstorm.js | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sandstorm.js b/sandstorm.js index c430c3a8..97d42bdf 100644 --- a/sandstorm.js +++ b/sandstorm.js @@ -25,11 +25,7 @@ if (isSandstorm && Meteor.isServer) { // apparently meteor-core misses an API to handle that cleanly, cf. // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143 function updateUserAvatar(userId, avatarUrl) { - Users.update(userId, { - $set: { - 'profile.avatarUrl': avatarUrl, - }, - }); + Users.findOne(userId).setAvatarUrl(avatarUrl); } function updateUserPermissions(userId, permissions) { |