Vulcan/packages/telescope-lib/lib/collections.js

/**
 * Meteor Collections.
 * @class Mongo.Collection
 */

/**
 * Add an additional field to a schema.
 * @param {Object} field
 */
Mongo.Collection.prototype.addField = function (field) {

  var collection = this;
  var fieldSchema = {};

  fieldSchema[field.fieldName] = field.fieldSchema;

  // add field schema to collection schema
  collection.attachSchema(fieldSchema);
};

/**
 * Remove a field from a schema.
 * @param {String} fieldName
 */
Mongo.Collection.prototype.removeField = function (fieldName) {

  var collection = this;
  var schema = _.omit(collection.simpleSchema()._schema, fieldName);

  // add field schema to collection schema
  collection.attachSchema(schema, {replace: true});
};

/**
 * Check if an operation is allowed
 * @param {Object} collection – the collection to which the document belongs
 * @param {string} userId – the userId of the user performing the operation
 * @param {Object} document – the document being modified
 * @param {string[]} fieldNames – the names of the fields being modified
 * @param {Object} modifier – the modifier
 */
Telescope.allowCheck = function (collection, userId, document, fieldNames, modifier) {

  var schema = collection.simpleSchema();
  var user = Meteor.users.findOne(userId);
  var allowedFields = schema.getEditableFields(user);
  var fields = [];

  // fieldNames only contains top-level fields, so loop over modifier to get real list of fields
  _.each(modifier, function (operation) {
    fields = fields.concat(_.keys(operation));
  });

  // allow update only if:
  // 1. user has rights to edit the document
  // 2. there is no fields in fieldNames that are not also in allowedFields
  return Users.can.edit(userId, document) && _.difference(fields, allowedFields).length == 0;

};

// Note: using the prototype doesn't work in allow/deny for some reason
Meteor.Collection.prototype.allowCheck = function (userId, document, fieldNames, modifier) {
  Telescope.allowCheck(this, userId, document, fieldNames, modifier);
};

/**
 * Global schemas object. Note: not reactive, won't be updated after initialization
 * @namespace Telescope.schemas
 */
Telescope.schemas = {};

/**
 * @method SimpleSchema.getEditableFields
 * Get a list of all fields editable by a specific user for a given schema
 * @param {Object} user – the user for which to check field permissions
 */
SimpleSchema.prototype.getEditableFields = function (user) {
  var schema = this._schema;
  var fields = _.sortBy(_.filter(_.keys(schema), function (fieldName) {
    var field = schema[fieldName];
    return Users.can.editField(user, field);
  }), function (fieldName) {
    var field = schema[fieldName];
    return field.autoform && field.autoform.order;
  });
  return fields;
};

SimpleSchema.prototype.getPublicFields = function (user) {
  var schema = this._schema;
  var fields = _.filter(_.keys(schema), function (fieldName) {
    var field = schema[fieldName];
    return !!field.public;
  });
  return fields;
};
-												working on documentation

											
										
										
											2015-05-10 13:37:42 +09:00
+								/**
 								 * Meteor Collections.
 								 * @class Mongo.Collection
 								 */
-												refactoring custom fields

											
										
										
											2015-04-24 09:28:50 +09:00
+								/**
 								 * Add an additional field to a schema.
 								 * @param {Object} field
 								 */
-												register -> add

											
										
										
											2015-05-17 15:38:02 +09:00
+								Mongo.Collection.prototype.addField = function (field) {
-												refactoring custom fields

											
										
										
											2015-04-24 09:28:50 +09:00
 								  var collection = this;
 								  var fieldSchema = {};
-												Improve jsHint consistency

This commit touch a lot of lines of code with the goal to be more
rigorous about JavaScript code conventions defined in the `.jshintrc`.

Some modification:

* Add a list of used global symbols in the corresponding section of
  `.jshintrc`
* Use local variables instead of global in a lot of places where the
  keyword `var` was mistakenly forgotten
* Add missing semi-colons after instructions
* Add new lines at the end of files
* Remove trailing whitespaces
* Use newer name of some Meteor APIs, eg `addFiles` instead of
  `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs due to this lack of rigor. One
example of that was the test `typeof navElements === "array"` that was
never true because in JavaScript, `typeof [] === "object"`, we
replaced this test by the `_.isArray` method provided by underscore.
It might also fix some potential collision related to global
variables.

There is still plenty of work until Telescope code base passes jsHint
validation, but at least this commit is a step in the right direction.

											
										
										
											2015-05-01 18:22:00 +02:00
-												propertyName -> fieldName; propertySchema -> fieldSchema

											
										
										
											2015-05-10 14:36:47 +09:00
+								  fieldSchema[field.fieldName] = field.fieldSchema;
-												refactoring custom fields

											
										
										
											2015-04-24 09:28:50 +09:00
 								  // add field schema to collection schema
 								  collection.attachSchema(fieldSchema);
-												Improve jsHint consistency

This commit touch a lot of lines of code with the goal to be more
rigorous about JavaScript code conventions defined in the `.jshintrc`.

Some modification:

* Add a list of used global symbols in the corresponding section of
  `.jshintrc`
* Use local variables instead of global in a lot of places where the
  keyword `var` was mistakenly forgotten
* Add missing semi-colons after instructions
* Add new lines at the end of files
* Remove trailing whitespaces
* Use newer name of some Meteor APIs, eg `addFiles` instead of
  `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs due to this lack of rigor. One
example of that was the test `typeof navElements === "array"` that was
never true because in JavaScript, `typeof [] === "object"`, we
replaced this test by the `_.isArray` method provided by underscore.
It might also fix some potential collision related to global
variables.

There is still plenty of work until Telescope code base passes jsHint
validation, but at least this commit is a step in the right direction.

											
										
										
											2015-05-01 18:22:00 +02:00
+								};
-												namespace schemas; migrate user profiles

											
										
										
											2015-04-27 09:55:29 +09:00
-												added API for removing collection fields

											
										
										
											2015-04-27 10:30:47 +09:00
+								/**
 								 * Remove a field from a schema.
 								 * @param {String} fieldName
 								 */
-												working on documentation

											
										
										
											2015-05-10 13:37:42 +09:00
+								Mongo.Collection.prototype.removeField = function (fieldName) {
-												added API for removing collection fields

											
										
										
											2015-04-27 10:30:47 +09:00
 								  var collection = this;
 								  var schema = _.omit(collection.simpleSchema()._schema, fieldName);
 								  // add field schema to collection schema
 								  collection.attachSchema(schema, {replace: true});
-												Improve jsHint consistency

This commit touch a lot of lines of code with the goal to be more
rigorous about JavaScript code conventions defined in the `.jshintrc`.

Some modification:

* Add a list of used global symbols in the corresponding section of
  `.jshintrc`
* Use local variables instead of global in a lot of places where the
  keyword `var` was mistakenly forgotten
* Add missing semi-colons after instructions
* Add new lines at the end of files
* Remove trailing whitespaces
* Use newer name of some Meteor APIs, eg `addFiles` instead of
  `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs due to this lack of rigor. One
example of that was the test `typeof navElements === "array"` that was
never true because in JavaScript, `typeof [] === "object"`, we
replaced this test by the `_.isArray` method provided by underscore.
It might also fix some potential collision related to global
variables.

There is still plenty of work until Telescope code base passes jsHint
validation, but at least this commit is a step in the right direction.

											
										
										
											2015-05-01 18:22:00 +02:00
+								};
-												added API for removing collection fields

											
										
										
											2015-04-27 10:30:47 +09:00
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								/**
 								 * Check if an operation is allowed
 								 * @param {Object} collection – the collection to which the document belongs
-												working on documentation

											
										
										
											2015-05-07 18:00:23 +09:00
+								 * @param {string} userId – the userId of the user performing the operation
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								 * @param {Object} document – the document being modified
-												working on documentation

											
										
										
											2015-05-07 18:00:23 +09:00
+								 * @param {string[]} fieldNames – the names of the fields being modified
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								 * @param {Object} modifier – the modifier
 								 */
 								Telescope.allowCheck = function (collection, userId, document, fieldNames, modifier) {
 								  var schema = collection.simpleSchema();
 								  var user = Meteor.users.findOne(userId);
 								  var allowedFields = schema.getEditableFields(user);
-												generate list of fields from modifier, not from fieldNames

											
										
										
											2015-04-28 17:29:28 +09:00
+								  var fields = [];
 								  // fieldNames only contains top-level fields, so loop over modifier to get real list of fields
 								  _.each(modifier, function (operation) {
 								    fields = fields.concat(_.keys(operation));
 								  });
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
 								  // allow update only if:
 								  // 1. user has rights to edit the document
 								  // 2. there is no fields in fieldNames that are not also in allowedFields
-												generate list of fields from modifier, not from fieldNames

											
										
										
											2015-04-28 17:29:28 +09:00
+								  return Users.can.edit(userId, document) && _.difference(fields, allowedFields).length == 0;
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
-												Improve jsHint consistency

This commit touch a lot of lines of code with the goal to be more
rigorous about JavaScript code conventions defined in the `.jshintrc`.

Some modification:

* Add a list of used global symbols in the corresponding section of
  `.jshintrc`
* Use local variables instead of global in a lot of places where the
  keyword `var` was mistakenly forgotten
* Add missing semi-colons after instructions
* Add new lines at the end of files
* Remove trailing whitespaces
* Use newer name of some Meteor APIs, eg `addFiles` instead of
  `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs due to this lack of rigor. One
example of that was the test `typeof navElements === "array"` that was
never true because in JavaScript, `typeof [] === "object"`, we
replaced this test by the `_.isArray` method provided by underscore.
It might also fix some potential collision related to global
variables.

There is still plenty of work until Telescope code base passes jsHint
validation, but at least this commit is a step in the right direction.

											
										
										
											2015-05-01 18:22:00 +02:00
+								};
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
 								// Note: using the prototype doesn't work in allow/deny for some reason
 								Meteor.Collection.prototype.allowCheck = function (userId, document, fieldNames, modifier) {
 								  Telescope.allowCheck(this, userId, document, fieldNames, modifier);
-												Improve jsHint consistency

This commit touch a lot of lines of code with the goal to be more
rigorous about JavaScript code conventions defined in the `.jshintrc`.

Some modification:

* Add a list of used global symbols in the corresponding section of
  `.jshintrc`
* Use local variables instead of global in a lot of places where the
  keyword `var` was mistakenly forgotten
* Add missing semi-colons after instructions
* Add new lines at the end of files
* Remove trailing whitespaces
* Use newer name of some Meteor APIs, eg `addFiles` instead of
  `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs due to this lack of rigor. One
example of that was the test `typeof navElements === "array"` that was
never true because in JavaScript, `typeof [] === "object"`, we
replaced this test by the `_.isArray` method provided by underscore.
It might also fix some potential collision related to global
variables.

There is still plenty of work until Telescope code base passes jsHint
validation, but at least this commit is a step in the right direction.

											
										
										
											2015-05-01 18:22:00 +02:00
+								};
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
-												namespace schemas; migrate user profiles

											
										
										
											2015-04-27 09:55:29 +09:00
+								/**
-												using Users.can.editField for post and comment submit and edit methods

											
										
										
											2015-04-28 10:45:00 +09:00
+								 * Global schemas object. Note: not reactive, won't be updated after initialization
-												namespace schemas; migrate user profiles

											
										
										
											2015-04-27 09:55:29 +09:00
+								 * @namespace Telescope.schemas
 								 */
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								Telescope.schemas = {};
 								/**
-												working on documentation

											
										
										
											2015-05-10 13:37:42 +09:00
+								 * @method SimpleSchema.getEditableFields
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								 * Get a list of all fields editable by a specific user for a given schema
 								 * @param {Object} user – the user for which to check field permissions
 								 */
 								SimpleSchema.prototype.getEditableFields = function (user) {
 								  var schema = this._schema;
-												updating versions; making forms orderable; adding modules.removeAll

											
										
										
											2015-05-16 17:49:16 +09:00
+								  var fields = _.sortBy(_.filter(_.keys(schema), function (fieldName) {
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								    var field = schema[fieldName];
 								    return Users.can.editField(user, field);
-												updating versions; making forms orderable; adding modules.removeAll

											
										
										
											2015-05-16 17:49:16 +09:00
+								  }), function (fieldName) {
 								    var field = schema[fieldName];
 								    return field.autoform && field.autoform.order;
-												owner -> member; set allow/deny for posts, comments, users

											
										
										
											2015-04-28 17:15:53 +09:00
+								  });
 								  return fields;
-												make profile fields flexible ("read-only Autoform")

											
										
										
											2015-05-16 12:34:50 +09:00
+								};
 								SimpleSchema.prototype.getPublicFields = function (user) {
 								  var schema = this._schema;
 								  var fields = _.filter(_.keys(schema), function (fieldName) {
 								    var field = schema[fieldName];
 								    return !!field.public;
 								  });
 								  return fields;
-												use auto form for profile completion screen

											
										
										
											2015-05-06 12:56:59 +09:00
+								};