Is it possible to use a variable in a meteor collection update/removal?
Problem description
So I was thinking about refactoring my code in the following way.
Meteor.call("RemoveNotification", this._id, function(error, response){
});
and
Meteor.call("RemoveAvailablePlayer", this._id, function(error, response){
});
into
Meteor.call("RemoveFromDatabase", "Notifications", this._id, function(error, response){
});
and
Meteor.call("RemoveFromDatabase", "AvailablePlayers", this._id, function(error, response){
});
that way only one meteor method is needed to handle a removal to any collection. Is this possible? It wasn't working for me when I tried the following Meteor Method.
RemoveFromDatabase : function(collection, id){
    collection.remove(id);
}
Recommended answer
Here is a working implementation of RemoveFromDatabase that can be shared between the client and the server:
Meteor.methods({
    RemoveFromDatabase: function(collectionName, id) {
        // Reject anything that is not a plain string (e.g. a selector object).
        check(collectionName, String);
        check(id, String);
        // Collections are looked up by name on the global object.
        var globalObject = Meteor.isServer ? global : window;
        var collection = globalObject[collectionName];
        if (collection instanceof Meteor.Collection) {
            return collection.remove(id);
        } else {
            throw new Meteor.Error(404, 'Cannot find the collection');
        }
    }
});
In general I'd strongly caution you against using this technique, because it allows literally anyone to remove any document from any collection as server-side code does not run through allow/deny methods. Avoiding these kinds of security holes is why people implement per-collection remove methods in the first place. At a minimum, you may want to check that the user is logged in, or that collectionName is in some acceptable subset.
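The minimum checks the answer suggests (a logged-in user, and collectionName restricted to an acceptable subset), shown as an added example that is not part of the original answer. It runs without Meteor: FakeCollection, the owner field and the 400/401 error codes are assumptions made for illustration, and scoping the selector to the caller goes one step beyond what the answer lists.

```javascript
function fail(code, reason) {
  // In a Meteor app: throw new Meteor.Error(code, reason);
  throw Object.assign(new Error(reason), { error: code });
}

// `collections` is the allowlist: client-visible name -> collection object.
function makeRemoveFromDatabase(collections) {
  // A Map has no inherited keys, so "constructor" or "__proto__" never match.
  const allowed = new Map(Object.entries(collections));
  return function removeFromDatabase(collectionName, id) {
    // Same role as check(..., String): an object id such as {} would
    // otherwise act as a selector matching every document.
    if (typeof collectionName !== 'string' || typeof id !== 'string') {
      fail(400, 'Match failed');
    }
    if (!this.userId) fail(401, 'Not logged in');
    const collection = allowed.get(collectionName);
    if (!collection) fail(404, 'Cannot find the collection');
    // Assumed `owner` field: scope the selector to the calling user.
    return collection.remove({ _id: id, owner: this.userId });
  };
}

// Constructed in-memory stand-in for a Meteor collection (remove only).
class FakeCollection {
  constructor(docs) { this.docs = docs.slice(); }
  remove(selector) {
    const hit = (d) => Object.keys(selector).every((k) => d[k] === selector[k]);
    const before = this.docs.length;
    this.docs = this.docs.filter((d) => !hit(d));
    return before - this.docs.length; // number of documents removed
  }
}

// Runs the method against constructed data; Meteor sets this.userId itself.
function demo() {
  const Notifications = new FakeCollection([
    { _id: 'n1', owner: 'alice' }, { _id: 'n2', owner: 'bob' }]);
  const method = makeRemoveFromDatabase({ Notifications });
  const attempt = (ctx, name, id) => {
    try { return method.call(ctx, name, id); } catch (e) { return e.error; }
  };
  return [
    attempt({ userId: 'alice' }, 'Notifications', 'n1'), // own document
    attempt({ userId: 'alice' }, 'Notifications', 'n2'), // bob's document
    attempt({ userId: null }, 'Notifications', 'n2'),    // not logged in
    attempt({ userId: 'alice' }, 'Users', 'alice'),      // not allowlisted
    attempt({ userId: 'alice' }, 'Notifications', {}),   // non-string id
  ];
}
console.log(demo());
```

In a Meteor app the returned function would be registered with Meteor.methods under the name RemoveFromDatabase, with the real collections passed to makeRemoveFromDatabase.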