[annotator-dev] Permissions plugin

Jamie M Folsom jfolsom at MIT.EDU
Wed Aug 29 20:42:05 UTC 2012

More on this. 

Here's the username doubling:


I've turned the permissions plugin
off in setupPlugins, and am attempting
to re-add it via a separate call to addPlugin.

Annotator is listening to the options
set in the addPlugin call. However, the
XHR console, and the database on the
other end are seeing the values for "read"
and "update" as objects, not as strings.

What's odd is that all option key:values are 

JSON sent by Annotator (according to 
Chrome XHR console and what's 
stored in my DB):

"permissions": {
        "delete": [
            "jamiefolsom at gmail.com",
        "update": [
            "[object Object]"
        "admin": [
            "jamiefolsom at gmail.com",
        "read": [
            "[object Object]"

// Code:

// Mine:

		.annotator('setupPlugins', {}, {
			Auth: {
				token: '<%= @jwt %>'
			Store: {
				prefix: 'http://localhost:5000/api',
			Filter: false,
			Markdown: true,
			Permissions: false

// From: https://github.com/okfn/annotator/wiki/Permissions-Plugin

	// Get a reference to the Annotator for event callback subscriptions //
	var studio = $('#textcontent').annotator().data('annotator');

	studio.addPlugin('Permissions', {
	  user: {
	    id: '<%= current_user.id %>',
	    name:'<%= current_user.firstname %>',
	    group: 'Admin'

	  // Either current_user or the group admin can perform actions on these annotations.
	  permissions: {
	    'read':   ['<%= current_user.email %>', 'group:Admin'],
	    'update': ['<%= current_user.email %>', 'group:Admin'],
	    'delete': ['<%= current_user.email %>', 'group:Admin'],
	    'admin':  ['<%= current_user.email %>', 'group:Admin']

	  userAuthorize: function (user, token) {
	    // If the token is our admin token and the user
	    // is in the admin group then authorise.
	    if (token === 'group:Admin' && user.group === 'Admin') {
	      return true;

	    // If it's not an admin token check the id.
	    return user.id === token;

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20120829/0111e76f/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1583 bytes
Desc: not available
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20120829/0111e76f/attachment-0004.bin>

More information about the annotator-dev mailing list