Vulcan/packages/nova-users/lib/methods.js

import Telescope from 'meteor/nova:lib';
import Users from './collection.js';

var completeUserProfile = function (userId, modifier, user) {

  Users.update(userId, modifier);

  Telescope.callbacks.runAsync("users.profileCompleted.async", Users.findOne(userId));

  return Users.findOne(userId);

};

Users.methods = {};

/**
 * @summary Edit a user in the database
 * @param {string} userId – the ID of the user being edited
 * @param {Object} modifier – the modifier object
 * @param {Object} user - the current user object
 */
Users.methods.edit = (userId, modifier, user) => {
  
  if (typeof user === "undefined") {
    user = Users.findOne(userId);
  }

  // ------------------------------ Callbacks ------------------------------ //

  modifier = Telescope.callbacks.run("users.edit.sync", modifier, user);

  // ------------------------------ Update ------------------------------ //

  Users.update(userId, modifier);

  // ------------------------------ Callbacks ------------------------------ //

  Telescope.callbacks.runAsync("users.edit.async", Users.findOne(userId), user);

  // ------------------------------ After Update ------------------------------ //
  return Users.findOne(userId);
  
}

Users.methods.setSetting = (userId, settingName, value) => {
  // all users settings should begin with the prexi __: user.__setting namespace, so add "__" if needed
  var field = settingName.slice(0,2) === "__" ? settingName : "__" + settingName;

  var modifier = {$set: {}};
  modifier.$set[field] = value;

  Users.update(userId, modifier);
}

Users.methods.addGroup = (userId, groupName) => {
  Users.update(userId, {$push: {"__groups": groupName}});
};

Users.methods.removeGroup = (userId, groupName) => {
  Users.update(userId, {$pull: {"__groups": groupName}});
};

Meteor.methods({
  'users.edit'(userId, modifier) {

    // checking might be redundant because SimpleSchema already enforces the schema, but you never know
    check(modifier, Match.OneOf({$set: Users.simpleSchema()}, {$unset: Object}, {$set: Users.simpleSchema(), $unset: Object}));
    check(userId, String);

    var currentUser = Meteor.user(),
        user = Users.findOne(userId),
        schema = Users.simpleSchema()._schema;

    // ------------------------------ Checks ------------------------------ //

    // check that user can edit document
    if (!user || !Users.canEdit(currentUser, user)) {
      throw new Meteor.Error(601, 'sorry_you_cannot_edit_this_user');
    }

    // go over each field and throw an error if it's not editable
    // loop over each operation ($set, $unset, etc.)
    _.each(modifier, function (operation) {
      // loop over each property being operated on
      _.keys(operation).forEach(function (fieldName) {

        var field = schema[fieldName];
        if (!Users.canEditField(currentUser, field, user)) {
          throw new Meteor.Error("disallowed_property", 'disallowed_property_detected' + ": " + fieldName);
        }

      });
    });

    return Users.methods.edit(userId, modifier, user);

  },

  'users.remove'(userId, options) {

    if (Users.canDo(Meteor.user(), "users.remove.all")) {

      const user = Users.findOne(userId);

      Users.remove(userId);

      Telescope.callbacks.runAsync("users.remove.async", user, options);
    
    }

  },

  'users.setSetting'(userId, settingName, value) {

    check(userId, String);
    check(settingName, String);
    check(value, Match.OneOf(String, Number, Boolean));

    var currentUser = Meteor.user(),
      user = Users.findOne(userId);

    // check that user can edit document
    if (!user || !Users.canEdit(currentUser, user)) {
      throw new Meteor.Error(601, 'sorry_you_cannot_edit_this_user');
    }

    Users.methods.setSetting(userId, settingName, value);

  }

});
-												remove Telescope global

											
										
										
											2016-08-08 11:18:21 +09:00
+								import Telescope from 'meteor/nova:lib';
-												removing Users global

											
										
										
											2016-06-23 15:00:58 +09:00
+								import Users from './collection.js';
-												add imports

											
										
										
											2016-06-15 11:07:10 +09:00
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								var completeUserProfile = function (userId, modifier, user) {
-												i18ze users package; add profileCompletedAsync callback hook

											
										
										
											2015-05-06 16:41:15 +09:00
-												make profileCompletedAsync callback work; make invites work even with Twitter or Facebook accounts

											
										
										
											2015-05-19 12:34:27 +09:00
+								  Users.update(userId, modifier);
-												i18ze users package; add profileCompletedAsync callback hook

											
										
										
											2015-05-06 16:41:15 +09:00
-												consistency on users callbacks (users.new, users.profileCompleted), remove dead code (~copy of users.edit method) not used anymore: what it did is now handled thanks to callbacks

											
										
										
											2016-10-07 10:50:21 +02:00
+								  Telescope.callbacks.runAsync("users.profileCompleted.async", Users.findOne(userId));
-												i18ze users package; add profileCompletedAsync callback hook

											
										
										
											2015-05-06 16:41:15 +09:00
-												make profileCompletedAsync callback work; make invites work even with Twitter or Facebook accounts

											
										
										
											2015-05-19 12:34:27 +09:00
+								  return Users.findOne(userId);
-												i18ze users package; add profileCompletedAsync callback hook

											
										
										
											2015-05-06 16:41:15 +09:00
 								};
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								Users.methods = {};
-												removing Posts global

											
										
										
											2016-06-23 11:40:35 +09:00
+								/**
 								 * @summary Edit a user in the database
 								 * @param {string} userId – the ID of the user being edited
 								 * @param {Object} modifier – the modifier object
 								 * @param {Object} user - the current user object
 								 */
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								Users.methods.edit = (userId, modifier, user) => {
 								  if (typeof user === "undefined") {
-												removing Posts global

											
										
										
											2016-06-23 11:40:35 +09:00
+								    user = Users.findOne(userId);
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								  }
 								  // ------------------------------ Callbacks ------------------------------ //
-												consistency on users callbacks (users.new, users.profileCompleted), remove dead code (~copy of users.edit method) not used anymore: what it did is now handled thanks to callbacks

											
										
										
											2016-10-07 10:50:21 +02:00
+								  modifier = Telescope.callbacks.run("users.edit.sync", modifier, user);
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
 								  // ------------------------------ Update ------------------------------ //
 								  Users.update(userId, modifier);
 								  // ------------------------------ Callbacks ------------------------------ //
-												consistency on users callbacks (users.new, users.profileCompleted), remove dead code (~copy of users.edit method) not used anymore: what it did is now handled thanks to callbacks

											
										
										
											2016-10-07 10:50:21 +02:00
+								  Telescope.callbacks.runAsync("users.edit.async", Users.findOne(userId), user);
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
 								  // ------------------------------ After Update ------------------------------ //
 								  return Users.findOne(userId);
 								}
-												move newsletter callback to server only; split users.setSetting method in method+mutator; always call mutator directly when on server

											
										
										
											2016-06-15 19:55:59 +09:00
+								Users.methods.setSetting = (userId, settingName, value) => {
-												use a more generic prefix (__) for users settings and adapt Users.methods.setSetting

											
										
										
											2016-11-10 14:22:47 +01:00
+								  // all users settings should begin with the prexi __: user.__setting namespace, so add "__" if needed
 								  var field = settingName.slice(0,2) === "__" ? settingName : "__" + settingName;
-												move newsletter callback to server only; split users.setSetting method in method+mutator; always call mutator directly when on server

											
										
										
											2016-06-15 19:55:59 +09:00
 								  var modifier = {$set: {}};
 								  modifier.$set[field] = value;
 								  Users.update(userId, modifier);
 								}
-												groups first pass

											
										
										
											2016-07-19 17:30:59 +09:00
+								Users.methods.addGroup = (userId, groupName) => {
-												use a more generic prefix (__) for users settings and adapt Users.methods.setSetting

											
										
										
											2016-11-10 14:22:47 +01:00
+								  Users.update(userId, {$push: {"__groups": groupName}});
-												groups first pass

											
										
										
											2016-07-19 17:30:59 +09:00
+								};
 								Users.methods.removeGroup = (userId, groupName) => {
-												use a more generic prefix (__) for users settings and adapt Users.methods.setSetting

											
										
										
											2016-11-10 14:22:47 +01:00
+								  Users.update(userId, {$pull: {"__groups": groupName}});
-												groups first pass

											
										
										
											2016-07-19 17:30:59 +09:00
+								};
-												clean up users package files

											
										
										
											2015-05-06 12:28:00 +09:00
+								Meteor.methods({
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								  'users.edit'(userId, modifier) {
 								    // checking might be redundant because SimpleSchema already enforces the schema, but you never know
 								    check(modifier, Match.OneOf({$set: Users.simpleSchema()}, {$unset: Object}, {$set: Users.simpleSchema(), $unset: Object}));
 								    check(userId, String);
 								    var currentUser = Meteor.user(),
 								        user = Users.findOne(userId),
 								        schema = Users.simpleSchema()._schema;
 								    // ------------------------------ Checks ------------------------------ //
 								    // check that user can edit document
-												permissions clean up & refactoring

											
										
										
											2016-07-20 10:25:05 +09:00
+								    if (!user || !Users.canEdit(currentUser, user)) {
-												more i18n cleanup

											
										
										
											2016-07-07 10:38:18 +09:00
+								      throw new Meteor.Error(601, 'sorry_you_cannot_edit_this_user');
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								    }
 								    // go over each field and throw an error if it's not editable
 								    // loop over each operation ($set, $unset, etc.)
 								    _.each(modifier, function (operation) {
 								      // loop over each property being operated on
 								      _.keys(operation).forEach(function (fieldName) {
 								        var field = schema[fieldName];
-												permissions clean up & refactoring

											
										
										
											2016-07-20 10:25:05 +09:00
+								        if (!Users.canEditField(currentUser, field, user)) {
-												more i18n cleanup

											
										
										
											2016-07-07 10:38:18 +09:00
+								          throw new Meteor.Error("disallowed_property", 'disallowed_property_detected' + ": " + fieldName);
-												user edit/account page

											
										
										
											2016-02-23 11:34:40 +09:00
+								        }
 								      });
 								    });
 								    return Users.methods.edit(userId, modifier, user);
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
+								  },
-												removing Posts global

											
										
										
											2016-06-23 11:40:35 +09:00
+								  'users.remove'(userId, options) {
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
-												more permissions refactoring

											
										
										
											2016-07-21 09:53:58 +09:00
+								    if (Users.canDo(Meteor.user(), "users.remove.all")) {
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
-												removing Posts global

											
										
										
											2016-06-23 11:40:35 +09:00
+								      const user = Users.findOne(userId);
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
-												prefer Users namespace to Meteor.users in active packages

											
										
										
											2016-10-05 08:37:48 +02:00
+								      Users.remove(userId);
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
-												removing Posts global

											
										
										
											2016-06-23 11:40:35 +09:00
+								      Telescope.callbacks.runAsync("users.remove.async", user, options);
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
 								    }
-												add users.setSetting method; finish newsletter; add close button to messages

											
										
										
											2016-03-27 17:30:28 +09:00
+								  },
 								  'users.setSetting'(userId, settingName, value) {
 								    check(userId, String);
 								    check(settingName, String);
 								    check(value, Match.OneOf(String, Number, Boolean));
 								    var currentUser = Meteor.user(),
 								      user = Users.findOne(userId);
 								    // check that user can edit document
-												permissions clean up & refactoring

											
										
										
											2016-07-20 10:25:05 +09:00
+								    if (!user || !Users.canEdit(currentUser, user)) {
-												remove old i18n function call

											
										
										
											2016-07-04 10:42:50 +09:00
+								      throw new Meteor.Error(601, 'sorry_you_cannot_edit_this_user');
-												add users.setSetting method; finish newsletter; add close button to messages

											
										
										
											2016-03-27 17:30:28 +09:00
+								    }
-												move newsletter callback to server only; split users.setSetting method in method+mutator; always call mutator directly when on server

											
										
										
											2016-06-15 19:55:59 +09:00
+								    Users.methods.setSetting(userId, settingName, value);
-												add users.setSetting method; finish newsletter; add close button to messages

											
										
										
											2016-03-27 17:30:28 +09:00
-												clean up users package files

											
										
										
											2015-05-06 12:28:00 +09:00
+								  }
-												add removeUser method to also remove a user's post

											
										
										
											2015-09-21 09:59:17 +09:00
-												clean up users package files

											
										
										
											2015-05-06 12:28:00 +09:00
+								});