From 45b662a1ddb46a0f17fab7b2383c82aa1e1620ef Mon Sep 17 00:00:00 2001
From: Maxime Quandalle <maxime@quandalle.com>
Date: Tue, 8 Sep 2015 20:19:42 +0200
Subject: Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).

This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.

This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.
---
 sandstorm.js | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'sandstorm.js')

diff --git a/sandstorm.js b/sandstorm.js
index c430c3a8..97d42bdf 100644
--- a/sandstorm.js
+++ b/sandstorm.js
@@ -25,11 +25,7 @@ if (isSandstorm && Meteor.isServer) {
   // apparently meteor-core misses an API to handle that cleanly, cf.
   // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143
   function updateUserAvatar(userId, avatarUrl) {
-    Users.update(userId, {
-      $set: {
-        'profile.avatarUrl': avatarUrl,
-      },
-    });
+    Users.findOne(userId).setAvatarUrl(avatarUrl);
   }
 
   function updateUserPermissions(userId, permissions) {
-- 
cgit v1.2.3-1-g7c22