I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!
However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!
However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)
Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.
Found my own answer after much digging. Created an allow rules for insert, update, and remove:
Posts = new Mongo.Collection('posts');
//SECURITY - Allow Callbacks for posting
Posts.allow({
insert: function(userId, doc) {
// only allow posting if you are logged in
return !! userId;
},
update: function(userId, doc) {
// only allow updating if you are logged in
return !! userId;
},
remove: function(userID, doc) {
//only allow deleting if you are owner
return doc.submittedById === Meteor.userId();
}
});
//Schema then defined as usual
Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!
Hope this helps someone with a similar issue.