[annotator-dev] How to query annotations created by current user only

Rick rmercer33 at gmail.com
Fri Nov 21 01:47:02 UTC 2014 

Hi All,

I'm using annotator.js v 1.2.9 and using the Store plugin with Meteor and
MongoDB.

I want only annotations created by the current user to be displayed.

When annotator is first initialized it makes a GET request to receive all
annotations. Rather than return all annotations I want to return only those
created by the current user (on the current page).

But the GET request does not include any user information that can be used
to query the database. I tried using the annotationData option of the Store
plugin but that info is not part of the GET request - but is part of the
annotation json object in the body of a POST.

that.$('#document').annotator()
        .annotator("addPlugin", 'Store', {
          prefix: '/api',
          annotationData: {"docId":that.data._id, "userId":Meteor.userId()}
        })


I tried the Permissions plugin and can see how that prevents others from
editing or deleting an annotation they did not create but It doesn't seem
to work when I try to restrict readers to just the creator. Here's my code
for that:

  var userInfo = {id:Meteor.userId(),
email:Meteor.user().emails[0].address};


.annotator("addPlugin", 'Permissions', {
          user: userInfo,
          userId: function(user) {
            if (user && user.id) {
              return user.id;
            }
            else
              return user
          },
          userString: function(user) {
            if (user && user.id) {
              return user.email;
            }
            else
              return user
          },
          permissions: {
            'read': [userInfo.id],
            'update': [userInfo.id],
            'delete': [userInfo.id],
            'admin': [userInfo.id]
          },
          showViewPermissionsCheckbox: false,
          showEditPermissionsCheckbox: false
        })


I also tried the Auth plugin which adds an 'x-annotator-auth-token' key to
the request header and I can use that token to obtain user info but, the
token is not added to the GET request.

So, I don't know how to proceed. All help is gratefully appreciated.

Thanks in advance.

Rick ;-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20141120/2b88f05b/attachment-0003.html>

More information about the annotator-dev mailing list