Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and the white-list of allowed mutations similarly to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
2025-12-16 15:30:13 +01:00 · 2015-09-08 20:19:42 +02:00 · 2015-09-08 20:19:42 +02:00 · 45b662a1dd
commit 45b662a1dd
parent c04341f1ea
26 changed files with 395 additions and 377 deletions
--- a/sandstorm.js
+++ b/sandstorm.js
@ -25,11 +25,7 @@ if (isSandstorm && Meteor.isServer) {
  // apparently meteor-core misses an API to handle that cleanly, cf.
  // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143
  function updateUserAvatar(userId, avatarUrl) {
-    Users.update(userId, {
-      $set: {
-        'profile.avatarUrl': avatarUrl,
-      },
-    });
+    Users.findOne(userId).setAvatarUrl(avatarUrl);
  }

  function updateUserPermissions(userId, permissions) {