本文介绍了使用Autoform插入并删除不安全的内容的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我一直在我的Meteor项目中使用Collection2和Autoform,让事情变得更容易!

I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!

然而,当我删除不安全时,它不再插入(Autoform提交按钮)。我期待这个!

However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!

然而,我已经搜索过,我找不到让它运行的标准方法吗?我在lib文件夹中定义了一个模式,并将我的Autoform作为模板中的快速形式。我知道我需要允许客户端插入(我宁愿不这样做)或将其传输到服务器端(可能带有方法?)

However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)

任何建议都将不胜感激!我正在寻找实现它的标准方法。

Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.

推荐答案

经过多次挖掘后找到了我自己的答案。为插入,更新和删除创建了允许规则:

Found my own answer after much digging. Created an allow rules for insert, update, and remove:

Posts = new Mongo.Collection('posts');

//SECURITY - Allow Callbacks for posting

Posts.allow({
  insert: function(userId, doc) {
    // only allow posting if you are logged in
    return !! userId;
  },
  update: function(userId, doc) {
    // only allow updating if you are logged in
    return !! userId;
  },
  remove: function(userID, doc) {
    //only allow deleting if you are owner
    return doc.submittedById === Meteor.userId();
  }
});

//Schema then defined as usual

只是一个注释,submittedById是我的集合中保存userId的字段。如果你把它称为不同的东西,那就改变它吧!

Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!

希望这可以帮助有类似问题的人。

Hope this helps someone with a similar issue.

这篇关于使用Autoform插入并删除不安全的内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-12 21:08