Insert using Autoform with insecure removed

2019-06-17 05:50发布

问题:

I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!

However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!

However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)

Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.

回答1:

Found my own answer after much digging. Created an allow rules for insert, update, and remove:

Posts = new Mongo.Collection('posts');

//SECURITY - Allow Callbacks for posting

Posts.allow({
  insert: function(userId, doc) {
    // only allow posting if you are logged in
    return !! userId; 
  },
  update: function(userId, doc) {
    // only allow updating if you are logged in
    return !! userId; 
  },
  remove: function(userID, doc) {
    //only allow deleting if you are owner
    return doc.submittedById === Meteor.userId();
  }
});

//Schema then defined as usual

Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!

Hope this helps someone with a similar issue.