Insert using Autoform with insecure removed


Problem description

I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!

However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!

However, I've searched and I cannot find the standard way of getting this to work. I have a schema defined in the lib folder, and my Autoform as a quick form in a template. I know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)

Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.

Recommended answer

Found my own answer after much digging. Created allow rules for insert, update, and remove:

Posts = new Mongo.Collection('posts');

//SECURITY - Allow Callbacks for posting

Posts.allow({
  insert: function(userId, doc) {
    // only allow posting if you are logged in
    return !! userId; 
  },
  update: function(userId, doc) {
    // only allow updating if you are logged in
    return !! userId; 
  },
  remove: function(userId, doc) {
    // only allow deleting if you are the owner
    // (userId is the id Meteor passes in for the calling user)
    return doc.submittedById === userId;
  }
});

//Schema then defined as usual

Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!

Hope this helps someone with a similar issue.
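
The update rule in the answer admits any logged-in user for any post, so the following added example (not part of the original answer) shows ownership-checked variants that use Meteor's documented allow/deny callback arguments. `postRules`, `check` and the sample post are hypothetical stand-ins so the block runs under plain Node without Meteor.

```javascript
// Added example, not from the original answer. Rule bodies follow Meteor's
// allow/deny callback signatures; `check` is a hypothetical stand-in for
// Meteor's rule evaluation so this file runs without Meteor installed.

const isOwner = (userId, doc) => Boolean(userId) && doc.submittedById === userId;

const postRules = {
  allow: {
    // A logged-in user may insert only a document stamped with their own id.
    insert: isOwner,
    // Only the owner may update or remove; a null userId never matches.
    update: isOwner,
    remove: isOwner,
  },
  deny: {
    // Even the owner may not reassign ownership of a post.
    update: (userId, doc, fieldNames) => fieldNames.includes('submittedById'),
  },
};

// A write passes only if no deny rule returns true and an allow rule returns
// true, which is the order Meteor documents for allow/deny.
function check(rules, op, userId, doc, fieldNames = [], modifier = {}) {
  const deny = rules.deny[op];
  if (deny && deny(userId, doc, fieldNames, modifier)) return false;
  const allow = rules.allow[op];
  return Boolean(allow && allow(userId, doc, fieldNames, modifier));
}

// Constructed sample document.
const post = { _id: 'p1', title: 'Hello', submittedById: 'alice' };

function demo() {
  return {
    ownerUpdatesTitle: check(postRules, 'update', 'alice', post, ['title']),
    otherUserUpdates: check(postRules, 'update', 'bob', post, ['title']),
    ownerReassigns: check(postRules, 'update', 'alice', post, ['submittedById']),
    anonymousRemove: check(postRules, 'remove', null, { submittedById: null }),
    forgedInsert: check(postRules, 'insert', 'bob', { title: 'x', submittedById: 'alice' }),
    ownInsert: check(postRules, 'insert', 'bob', { title: 'x', submittedById: 'bob' }),
  };
}

console.log(demo());
```

In a Meteor app the same function bodies would be passed to `Posts.allow({...})` and `Posts.deny({...})`.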
