Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and the white-list of allowed mutations similarly to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
2025-12-16 23:40:13 +01:00 · 2015-09-08 20:19:42 +02:00 · 2015-09-08 20:19:42 +02:00 · 45b662a1dd
commit 45b662a1dd
parent c04341f1ea
26 changed files with 395 additions and 377 deletions
--- a/models/cardComments.js
+++ b/models/cardComments.js
@ -0,0 +1,69 @@
+CardComments = new Mongo.Collection('card_comments');
+
+CardComments.attachSchema(new SimpleSchema({
+  boardId: {
+    type: String,
+  },
+  cardId: {
+    type: String,
+  },
+  // XXX Rename in `content`? `text` is a bit vague...
+  text: {
+    type: String,
+  },
+  // XXX We probably don't need this information here, since we already have it
+  // in the associated comment creation activity
+  createdAt: {
+    type: Date,
+    denyUpdate: false,
+  },
+  // XXX Should probably be called `authorId`
+  userId: {
+    type: String,
+  },
+}));
+
+CardComments.allow({
+  insert(userId, doc) {
+    return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
+  },
+  update(userId, doc) {
+    return userId === doc.userId;
+  },
+  remove(userId, doc) {
+    return userId === doc.userId;
+  },
+  fetch: ['userId', 'boardId'],
+});
+
+CardComments.helpers({
+  user() {
+    return Users.findOne(this.userId);
+  },
+});
+
+CardComments.hookOptions.after.update = { fetchPrevious: false };
+
+CardComments.before.insert((userId, doc) => {
+  doc.createdAt = new Date();
+  doc.userId = userId;
+});
+
+if (Meteor.isServer) {
+  CardComments.after.insert((userId, doc) => {
+    Activities.insert({
+      userId,
+      activityType: 'addComment',
+      boardId: doc.boardId,
+      cardId: doc.cardId,
+      commentId: doc._id,
+    });
+  });
+
+  CardComments.after.remove((userId, doc) => {
+    const activity = Activities.findOne({ commentId: doc._id });
+    if (activity) {
+      Activities.remove(activity._id);
+    }
+  });
+}