I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!
However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!
However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)
Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.
I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!
However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!
However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)
Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.
Share Improve this question asked Dec 3, 2014 at 21:07 sgoudiesgoudie 3003 silver badges9 bronze badges 1- Yes I had attached the Schema, but it didn't work with insecure off for some reason. Mentioned here by the author that you have to define your own allow / deny rules if insecure is off: github./aldeed/meteor-autoform/issues/380 – sgoudie Commented Dec 4, 2014 at 11:16
1 Answer
Reset to default 10Found my own answer after much digging. Created an allow rules for insert, update, and remove:
Posts = new Mongo.Collection('posts');
//SECURITY - Allow Callbacks for posting
Posts.allow({
insert: function(userId, doc) {
// only allow posting if you are logged in
return !! userId;
},
update: function(userId, doc) {
// only allow updating if you are logged in
return !! userId;
},
remove: function(userID, doc) {
//only allow deleting if you are owner
return doc.submittedById === Meteor.userId();
}
});
//Schema then defined as usual
Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!
Hope this helps someone with a similar issue.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745267241a4619530.html
评论列表(0条)