Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and the white-list of allowed mutations similarly to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
2026-02-23 16:34:06 +01:00 · 2015-09-08 20:19:42 +02:00 · 2015-09-08 20:19:42 +02:00 · 45b662a1dd
commit 45b662a1dd
parent c04341f1ea
26 changed files with 395 additions and 377 deletions
--- a/client/components/sidebar/sidebar.js
+++ b/client/components/sidebar/sidebar.js
@ -109,14 +109,6 @@ EscapeActions.register('sidebarView',
  () => { return Sidebar && Sidebar.getView() !== defaultView; }
 );

-function getMemberIndex(board, searchId) {
-  for (let i = 0; i < board.members.length; i++) {
-    if (board.members[i].userId === searchId)
-      return i;
-  }
-  throw new Meteor.Error('Member not found');
-}
-
 Template.memberPopup.helpers({
  user() {
    return Users.findOne(this.userId);
@ -135,13 +127,8 @@ Template.memberPopup.events({
  'click .js-change-role': Popup.open('changePermissions'),
  'click .js-remove-member': Popup.afterConfirm('removeMember', function() {
    const currentBoard = Boards.findOne(Session.get('currentBoard'));
-    const memberIndex = getMemberIndex(currentBoard, this.userId);
-
-    Boards.update(currentBoard._id, {
-      $set: {
-        [`members.${memberIndex}.isActive`]: false,
-      },
-    });
+    const memberId = this.userId;
+    currentBoard.removeMember(memberId);
    Popup.close();
  }),
  'click .js-leave-member'() {
@ -209,26 +196,7 @@ Template.addMemberPopup.events({
  'click .js-select-member'() {
    const userId = this._id;
    const currentBoard = Boards.findOne(Session.get('currentBoard'));
-    const currentMembersIds = _.pluck(currentBoard.members, 'userId');
-    if (currentMembersIds.indexOf(userId) === -1) {
-      Boards.update(currentBoard._id, {
-        $push: {
-          members: {
-            userId,
-            isAdmin: false,
-            isActive: true,
-          },
-        },
-      });
-    } else {
-      const memberIndex = getMemberIndex(currentBoard, userId);
-
-      Boards.update(currentBoard._id, {
-        $set: {
-          [`members.${memberIndex}.isActive`]: true,
-        },
-      });
-    }
+    currentBoard.addMember(userId);
    Popup.close();
  },
 });
@ -240,14 +208,9 @@ Template.addMemberPopup.onRendered(function() {
 Template.changePermissionsPopup.events({
  'click .js-set-admin, click .js-set-normal'(event) {
    const currentBoard = Boards.findOne(Session.get('currentBoard'));
-    const memberIndex = getMemberIndex(currentBoard, this.userId);
+    const memberId = this.userId;
    const isAdmin = $(event.currentTarget).hasClass('js-set-admin');
-
-    Boards.update(currentBoard._id, {
-      $set: {
-        [`members.${memberIndex}.isAdmin`]: isAdmin,
-      },
-    });
+    currentBoard.setMemberPermission(memberId, isAdmin);
    Popup.back(1);
  },
 });