问题
I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!
However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!
However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)
Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.
回答1:
Found my own answer after much digging. Created an allow rules for insert, update, and remove:
Posts = new Mongo.Collection('posts');
//SECURITY - Allow Callbacks for posting
Posts.allow({
insert: function(userId, doc) {
// only allow posting if you are logged in
return !! userId;
},
update: function(userId, doc) {
// only allow updating if you are logged in
return !! userId;
},
remove: function(userID, doc) {
//only allow deleting if you are owner
return doc.submittedById === Meteor.userId();
}
});
//Schema then defined as usual
Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!
Hope this helps someone with a similar issue.
来源:https://stackoverflow.com/questions/27281645/insert-using-autoform-with-insecure-removed