[annotator-dev] Permissions plugin
Jamie M Folsom
jfolsom at MIT.EDU
Wed Aug 29 21:12:39 UTC 2012
There was a rookie error in my last email, corrected here:
current_user.id instead of current_user.email. Those and all other
tokens in this code are replaced at render time by the Rails app.
The last line here does return true as expected, but if I simply want to assert
who should be able to view/edit annotations, where would I call authorize
and what would I do with the returned value? Apologies if this is obvious.
Thanks,
Jamie
$('#textcontent').annotator()
  .annotator('setupPlugins', {}, {
    Auth: {
      token: '<%= @jwt %>'
    },
    Store: {
      // prefix: 'http://annotations.mit.edu/api',
      prefix: 'http://localhost:5000/api',
    },
    Filter: false,
    Markdown: true,
    Permissions: false
  });

var studio = $('#textcontent').annotator().data('annotator');

studio.addPlugin('Permissions', {
  user: {
    id: '<%= current_user.id %>',
    name: '<%= current_user.firstname %>',
    group: 'Admin'
  },
  // Either current_user or the group admin can perform actions on these annotations.
  permissions: {
    'read': ['<%= current_user.id %>', 'group:Admin'],
    'update': ['<%= current_user.id %>', 'group:Admin'],
    'delete': ['<%= current_user.id %>', 'group:Admin'],
    'admin': ['<%= current_user.id %>', 'group:Admin']
  },
  userAuthorize: function (user, token) {
    // If the token is our admin token and the user
    // is in the admin group then authorise.
    if (token === 'group:Admin' && user.group === 'Admin') {
      return true;
    }
    // If it's not an admin token check the id.
    return user.id === token;
  }
});

studio.plugins.Permissions.authorize({ id: '<%= current_user.id %>', group: 'Admin' }, 'group:Admin');
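
The token matching from the `userAuthorize` callback above, applied to a per-action permissions list and used to gate controls, as an added example that is not part of the original post and not Annotator's own code. `isAllowed`, `visibleControls` and the sample users are hypothetical, and denying on a missing or empty token list is this example's assumption.

```javascript
// Added illustration; not Annotator's own code. Helper names are hypothetical.

// Same token check as the userAuthorize callback in the post.
function userAuthorize(user, token) {
  if (token === 'group:Admin' && user.group === 'Admin') {
    return true;
  }
  return user.id === token;
}

// Hypothetical helper: may `user` perform `action` on `annotation`?
// Assumption of this example: a missing or empty token list denies.
function isAllowed(action, annotation, user) {
  if (!user) return false;
  var perms = annotation.permissions || {};
  var tokens = Array.isArray(perms[action]) ? perms[action] : [];
  return tokens.some(function (token) {
    return userAuthorize(user, token);
  });
}

// Typical use of the returned boolean: decide which controls to offer.
function visibleControls(annotation, user) {
  return ['update', 'delete'].filter(function (action) {
    return isAllowed(action, annotation, user);
  });
}

// Constructed sample data. Ids are strings because the template in the
// post renders them inside quotes; a numeric 42 would not match '42'.
var annotation = {
  text: 'sample',
  permissions: {
    read: ['42', 'group:Admin'],
    update: ['42', 'group:Admin'],
    delete: ['42', 'group:Admin'],
    admin: ['42', 'group:Admin']
  }
};
var owner = { id: '42', group: 'Student' };
var admin = { id: '7', group: 'Admin' };
var other = { id: '99', group: 'Student' };

console.log(visibleControls(annotation, owner), visibleControls(annotation, other));
```

A check like this runs in the browser and only decides what the UI offers; the Store behind the `prefix` URL has to make the same decision itself from the Auth token.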