mirror of
https://github.com/wekan/wekan.git
synced 2025-09-22 01:50:48 +02:00
45b662a1dd
This commit uses a new package that I need to document. It tries to solve the long-standing debate in the Meteor community about allow/deny rules versus methods (RPC). This approach gives us both the centralized security rules of allow/deny and the white-list of allowed mutations similarly to Meteor methods. The idea to have static mutation descriptions is also inspired by Facebook's Relay/GraphQL. This will allow the development of a REST API using the high-level methods instead of the MongoDB queries to do the mapping between the HTTP requests and our collections.
110 lines
2 KiB
JavaScript
110 lines
2 KiB
JavaScript
Lists = new Mongo.Collection('lists');
|
|
|
|
Lists.attachSchema(new SimpleSchema({
|
|
title: {
|
|
type: String,
|
|
},
|
|
archived: {
|
|
type: Boolean,
|
|
},
|
|
boardId: {
|
|
type: String,
|
|
},
|
|
createdAt: {
|
|
type: Date,
|
|
denyUpdate: true,
|
|
},
|
|
sort: {
|
|
type: Number,
|
|
decimal: true,
|
|
// XXX We should probably provide a default
|
|
optional: true,
|
|
},
|
|
updatedAt: {
|
|
type: Date,
|
|
denyInsert: true,
|
|
optional: true,
|
|
},
|
|
}));
|
|
|
|
Lists.allow({
|
|
insert(userId, doc) {
|
|
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
|
|
},
|
|
update(userId, doc) {
|
|
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
|
|
},
|
|
remove(userId, doc) {
|
|
return allowIsBoardMember(userId, Boards.findOne(doc.boardId));
|
|
},
|
|
fetch: ['boardId'],
|
|
});
|
|
|
|
Lists.helpers({
|
|
cards() {
|
|
return Cards.find(Filter.mongoSelector({
|
|
listId: this._id,
|
|
archived: false,
|
|
}), { sort: ['sort'] });
|
|
},
|
|
|
|
allCards() {
|
|
return Cards.find({ listId: this._id });
|
|
},
|
|
|
|
board() {
|
|
return Boards.findOne(this.boardId);
|
|
},
|
|
});
|
|
|
|
Lists.mutations({
|
|
rename(title) {
|
|
return { $set: { title }};
|
|
},
|
|
|
|
archive() {
|
|
return { $set: { archived: true }};
|
|
},
|
|
|
|
restore() {
|
|
return { $set: { archived: false }};
|
|
},
|
|
});
|
|
|
|
Lists.hookOptions.after.update = { fetchPrevious: false };
|
|
|
|
Lists.before.insert((userId, doc) => {
|
|
doc.createdAt = new Date();
|
|
doc.archived = false;
|
|
if (!doc.userId)
|
|
doc.userId = userId;
|
|
});
|
|
|
|
Lists.before.update((userId, doc, fieldNames, modifier) => {
|
|
modifier.$set = modifier.$set || {};
|
|
modifier.$set.modifiedAt = new Date();
|
|
});
|
|
|
|
if (Meteor.isServer) {
|
|
Lists.after.insert((userId, doc) => {
|
|
Activities.insert({
|
|
userId,
|
|
type: 'list',
|
|
activityType: 'createList',
|
|
boardId: doc.boardId,
|
|
listId: doc._id,
|
|
});
|
|
});
|
|
|
|
Lists.after.update((userId, doc) => {
|
|
if (doc.archived) {
|
|
Activities.insert({
|
|
userId,
|
|
type: 'list',
|
|
activityType: 'archivedList',
|
|
listId: doc._id,
|
|
boardId: doc.boardId,
|
|
});
|
|
}
|
|
});
|
|
}
|