openannotation · nickstenning · Oct 15, 2013 · Oct 14, 2013
diff --git a/src/plugin/permissions.coffee b/src/plugin/permissions.coffee
@@ -285,7 +285,7 @@ class Annotator.Plugin.Permissions extends Annotator.Plugin
       # but our UI presents a checkbox, so we can only interpret "prevent others
       # from viewing" as meaning "allow only me to view". This may want changing
       # in the future.
-      annotation.permissions[type] = [@user]
+      annotation.permissions[type] = [@options.userId(@user)]
 
   # Field callback: updates the annotation viewer to inlude the display name
   # for the user obtained through Permissions#options.userString().

diff --git a/test/spec/plugin/permissions_spec.coffee b/test/spec/plugin/permissions_spec.coffee
@@ -263,6 +263,13 @@ describe 'Annotator.Plugin.Permissions', ->
       checkbox.removeAttr('checked')
       permissions.updateAnnotationPermissions('update', field, annotation)
       assert.isFalse(permissions.authorize('update', annotation, null))
+
+    it 'should consult the userId option when updating permissions', ->
+      annotation = {permissions: {}}
+      permissions.options.userId = (user) -> user.id
+      permissions.setUser({id: 3, name: 'Alice'})
+      permissions.updateAnnotationPermissions('update', field, annotation);
+      assert.deepEqual(annotation.permissions, {'update': [3]})
 
   describe 'updatePermissionsField', ->
     field = null