diff options
Diffstat (limited to 'sandstorm.js')
-rw-r--r-- | sandstorm.js | 28 |
1 files changed, 9 insertions, 19 deletions
diff --git a/sandstorm.js b/sandstorm.js index b0039d63..b3006454 100644 --- a/sandstorm.js +++ b/sandstorm.js @@ -21,16 +21,9 @@ if (isSandstorm && Meteor.isServer) { permission: 'public', }; - // This function should probably be handled by `accounts-sandstorm` but - // apparently meteor-core misses an API to handle that cleanly, cf. - // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143 - function updateUserAvatar(userId, avatarUrl) { - Users.findOne(userId).setAvatarUrl(avatarUrl); - } - function updateUserPermissions(userId, permissions) { - const isActive = permissions.indexOf('participate') > -1; - const isAdmin = permissions.indexOf('configure') > -1; + const isActive = permissions.includes('participate'); + const isAdmin = permissions.includes('configure'); const permissionDoc = { userId, isActive, isAdmin }; const boardMembers = Boards.findOne(sandstormBoard._id).members; @@ -55,7 +48,8 @@ if (isSandstorm && Meteor.isServer) { // and the home page was accessible by pressing the back button of the // browser, a server-side redirection solves both of these issues. // - // XXX Maybe sandstorm manifest could provide some kind of "home URL"? + // XXX Maybe the sandstorm http-bridge could provide some kind of "home URL" + // in the manifest? const base = req.headers['x-sandstorm-base-path']; // XXX If this routing scheme changes, this will break. We should generate // the location URL using the router, but at the time of writing, the @@ -68,20 +62,14 @@ if (isSandstorm && Meteor.isServer) { res.end(); // `accounts-sandstorm` populate the Users collection when new users - // accesses the document, but in case a already known user come back, we + // accesses the document, but in case a already known user comes back, we // need to update his associated document to match the request HTTP headers // informations. const user = Users.findOne({ 'services.sandstorm.id': req.headers['x-sandstorm-user-id'], }); if (user) { - const userId = user._id; - const avatarUrl = req.headers['x-sandstorm-user-picture']; - const permissions = req.headers['x-sandstorm-permissions'].split(',') || []; - - // XXX The user may also change his name, we should handle it. - updateUserAvatar(userId, avatarUrl); - updateUserPermissions(userId, permissions); + updateUserPermissions(user._id, user.permissions); } }); @@ -90,6 +78,8 @@ if (isSandstorm && Meteor.isServer) { // unique board document. Note that when the `Users.after.insert` hook is // called, the user is inserted into the database but not connected. So // despite the appearances `userId` is null in this block. + // + // XXX We should support the `preferredHandle` exposed by Sandstorm Users.after.insert((userId, doc) => { if (!Boards.findOne(sandstormBoard._id)) { Boards.insert(sandstormBoard, {validate: false}); @@ -104,7 +94,7 @@ if (isSandstorm && Meteor.isServer) { // LibreBoard v0.8 didn’t implement the Sandstorm sharing model and instead // kept the visibility setting (“public” or “private”) in the UI as does the - // main Meteor application. We need to enforce “public” visibility has the + // main Meteor application. We need to enforce “public” visibility as the // sharing is now handled by Sandstorm. // See https://github.com/wekan/wekan/issues/346 Migrations.add('enforce-public-visibility-for-sandstorm', () => { |