From e2ee005a5f8235dbe6a244f236fbbfb429f84230 Mon Sep 17 00:00:00 2001
From: zago <arnaud.zago@gmail.com>
Date: Wed, 19 Jul 2017 10:27:23 +0200
Subject: direct hook to bypass the checking step with API request

---
 models/cardComments.js | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

(limited to 'models/cardComments.js')

diff --git a/models/cardComments.js b/models/cardComments.js
index e51275a4..352030f1 100644
--- a/models/cardComments.js
+++ b/models/cardComments.js
@@ -56,6 +56,16 @@ CardComments.helpers({
 
 CardComments.hookOptions.after.update = { fetchPrevious: false };
 
+function commentCreation(userId, doc){
+  Activities.insert({
+    userId,
+    activityType: 'addComment',
+    boardId: doc.boardId,
+    cardId: doc.cardId,
+    commentId: doc._id,
+  });
+}
+
 if (Meteor.isServer) {
   // Comments are often fetched within a card, so we create an index to make these
   // queries more efficient.
@@ -64,13 +74,7 @@ if (Meteor.isServer) {
   });
 
   CardComments.after.insert((userId, doc) => {
-    Activities.insert({
-      userId,
-      activityType: 'addComment',
-      boardId: doc.boardId,
-      cardId: doc.cardId,
-      commentId: doc._id,
-    });
+    commentCreation(userId, doc);
   });
 
   CardComments.after.remove((userId, doc) => {
@@ -114,12 +118,16 @@ if (Meteor.isServer) {
     Authentication.checkUserId( req.userId);
     const paramBoardId = req.params.boardId;
     const paramCardId = req.params.cardId;
-    const id = CardComments.insert({
+    const id = CardComments.direct.insert({
       userId: req.body.authorId,
       text: req.body.comment,
       cardId: paramCardId,
       boardId: paramBoardId,
     });
+
+    const cardComment = CardComments.findOne({_id: id, cardId:paramCardId, boardId: paramBoardId });
+    commentCreation(req.body.authorId, cardComment);
+
     JsonRoutes.sendResult(res, {
       code: 200,
       data: {
-- 
cgit v1.2.3-1-g7c22