[annotator-dev] userAuthorize issue with custom permissions scheme

Randall Leeds tilgovi at hypothes.is
Tue Nov 27 20:32:30 UTC 2012


On Tue, Nov 27, 2012 at 11:10 AM, Jamie M Folsom <jfolsom at mit.edu> wrote:

> I've made some progress implementing a custom permissions scheme, but I'm
> running up against a seeming quirk in how the annotator calls a custom
> userAuthorize function (as passed in the options object to the permissions
> plugin).
>
> When checking for admin, update and delete permissions (on hover, to show
> the proper controls on the viewer), userAuthorize appears to be called with
> three arguments, which this function signature handles correctly:
>
>         userAuthorize: function (action, annotation, user) {
>
> But when calling the function to authorize read permissions (on edit
> button click, for example), it's called with just two arguments;
>
>         userAuthorize: function (action, annotation) {
>

We tracked this down in IRC. The third argument is `null` to check the
action for the anonymous user. A userAuthorize function should handle this
case.


>
> In no case does it appear to be called with the two arguments indicated in
> the wiki:
>
>         userAuthorize: function (user, token) {
>

This appears to be outdated, and Jamie has taken charge of updating this on
the wiki. Thanks, Jamie!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20121127/b45abcf5/attachment-0002.html>


More information about the annotator-dev mailing list