问题描述
我一直在我的Meteor项目中使用Collection2和Autoform,让事情变得更容易!
I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!
然而,当我删除不安全时,它不再插入(Autoform提交按钮)。我期待这个!
However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!
然而,我已经搜索过,我找不到让它运行的标准方法吗?我在lib文件夹中定义了一个模式,并将我的Autoform作为模板中的快速形式。我知道我需要允许客户端插入(我宁愿不这样做)或将其传输到服务器端(可能带有方法?)
However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)
任何建议都将不胜感激!我正在寻找实现它的标准方法。
Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.
推荐答案
经过多次挖掘后找到了我自己的答案。为插入,更新和删除创建了允许规则:
Found my own answer after much digging. Created an allow rules for insert, update, and remove:
Posts = new Mongo.Collection('posts');
//SECURITY - Allow Callbacks for posting
Posts.allow({
insert: function(userId, doc) {
// only allow posting if you are logged in
return !! userId;
},
update: function(userId, doc) {
// only allow updating if you are logged in
return !! userId;
},
remove: function(userID, doc) {
//only allow deleting if you are owner
return doc.submittedById === Meteor.userId();
}
});
//Schema then defined as usual
只是一个注释,submittedById是我的集合中保存userId的字段。如果你把它称为不同的东西,那就改变它吧!
Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!
希望这可以帮助有类似问题的人。
Hope this helps someone with a similar issue.
这篇关于使用Autoform插入并删除不安全的内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!