summaryrefslogtreecommitdiffstats
path: root/sandstorm.js
diff options
context:
space:
mode:
Diffstat (limited to 'sandstorm.js')
-rw-r--r--sandstorm.js28
1 files changed, 9 insertions, 19 deletions
diff --git a/sandstorm.js b/sandstorm.js
index b0039d63..b3006454 100644
--- a/sandstorm.js
+++ b/sandstorm.js
@@ -21,16 +21,9 @@ if (isSandstorm && Meteor.isServer) {
permission: 'public',
};
- // This function should probably be handled by `accounts-sandstorm` but
- // apparently meteor-core misses an API to handle that cleanly, cf.
- // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143
- function updateUserAvatar(userId, avatarUrl) {
- Users.findOne(userId).setAvatarUrl(avatarUrl);
- }
-
function updateUserPermissions(userId, permissions) {
- const isActive = permissions.indexOf('participate') > -1;
- const isAdmin = permissions.indexOf('configure') > -1;
+ const isActive = permissions.includes('participate');
+ const isAdmin = permissions.includes('configure');
const permissionDoc = { userId, isActive, isAdmin };
const boardMembers = Boards.findOne(sandstormBoard._id).members;
@@ -55,7 +48,8 @@ if (isSandstorm && Meteor.isServer) {
// and the home page was accessible by pressing the back button of the
// browser, a server-side redirection solves both of these issues.
//
- // XXX Maybe sandstorm manifest could provide some kind of "home URL"?
+ // XXX Maybe the sandstorm http-bridge could provide some kind of "home URL"
+ // in the manifest?
const base = req.headers['x-sandstorm-base-path'];
// XXX If this routing scheme changes, this will break. We should generate
// the location URL using the router, but at the time of writing, the
@@ -68,20 +62,14 @@ if (isSandstorm && Meteor.isServer) {
res.end();
// `accounts-sandstorm` populate the Users collection when new users
- // accesses the document, but in case a already known user come back, we
+ // accesses the document, but in case a already known user comes back, we
// need to update his associated document to match the request HTTP headers
// informations.
const user = Users.findOne({
'services.sandstorm.id': req.headers['x-sandstorm-user-id'],
});
if (user) {
- const userId = user._id;
- const avatarUrl = req.headers['x-sandstorm-user-picture'];
- const permissions = req.headers['x-sandstorm-permissions'].split(',') || [];
-
- // XXX The user may also change his name, we should handle it.
- updateUserAvatar(userId, avatarUrl);
- updateUserPermissions(userId, permissions);
+ updateUserPermissions(user._id, user.permissions);
}
});
@@ -90,6 +78,8 @@ if (isSandstorm && Meteor.isServer) {
// unique board document. Note that when the `Users.after.insert` hook is
// called, the user is inserted into the database but not connected. So
// despite the appearances `userId` is null in this block.
+ //
+ // XXX We should support the `preferredHandle` exposed by Sandstorm
Users.after.insert((userId, doc) => {
if (!Boards.findOne(sandstormBoard._id)) {
Boards.insert(sandstormBoard, {validate: false});
@@ -104,7 +94,7 @@ if (isSandstorm && Meteor.isServer) {
// LibreBoard v0.8 didn’t implement the Sandstorm sharing model and instead
// kept the visibility setting (“public” or “private”) in the UI as does the
- // main Meteor application. We need to enforce “public” visibility has the
+ // main Meteor application. We need to enforce “public” visibility as the
// sharing is now handled by Sandstorm.
// See https://github.com/wekan/wekan/issues/346
Migrations.add('enforce-public-visibility-for-sandstorm', () => {