Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and the white-list of allowed mutations similarly to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
2026-01-07 01:58:49 +01:00 · 2015-09-08 20:19:42 +02:00 · 2015-09-08 20:19:42 +02:00 · 45b662a1dd
commit 45b662a1dd
parent c04341f1ea
26 changed files with 395 additions and 377 deletions
--- a/models/activities.js
+++ b/models/activities.js
@ -0,0 +1,51 @@
+// Activities don't need a schema because they are always set from the a trusted
+// environment - the server - and there is no risk that a user change the logic
+// we use with this collection. Moreover using a schema for this collection
+// would be difficult (different activities have different fields) and wouldn't
+// bring any direct advantage.
+//
+// XXX The activities API is not so nice and need some functionalities. For
+// instance if a user archive a card, and un-archive it a few seconds later we
+// should remove both activities assuming it was an error the user decided to
+// revert.
+Activities = new Mongo.Collection('activities');
+
+Activities.helpers({
+  board() {
+    return Boards.findOne(this.boardId);
+  },
+  user() {
+    return Users.findOne(this.userId);
+  },
+  member() {
+    return Users.findOne(this.memberId);
+  },
+  list() {
+    return Lists.findOne(this.listId);
+  },
+  oldList() {
+    return Lists.findOne(this.oldListId);
+  },
+  card() {
+    return Cards.findOne(this.cardId);
+  },
+  comment() {
+    return CardComments.findOne(this.commentId);
+  },
+  attachment() {
+    return Attachments.findOne(this.attachmentId);
+  },
+});
+
+Activities.before.insert((userId, doc) => {
+  doc.createdAt = new Date();
+});
+
+// For efficiency create an index on the date of creation.
+if (Meteor.isServer) {
+  Meteor.startup(() => {
+    Activities._collection._ensureIndex({
+      createdAt: -1,
+    });
+  });
+}