Meteor.js发布和订阅？ [英] Meteor.js Publishing and Subscribing?

问题描述

好的，所以我对Meteor.js有点困惑。我用它创建了一个网站来测试各种概念，它运行良好。一旦我删除了不安全和自动发布，我在尝试检索并推送到服务器时会收到多个拒绝访问错误。我相信它与以下代码段有关：

Okay, so I am a bit confused about something with Meteor.js. I created a site with it to test the various concepts, and it worked fine. Once I removed "insecure" and "autopublish", I get multiple "access denied" errors when trying to retrieve and push to the server. I belive it has something to do with the following snippet:

Template.posts.posts = function () {
    return Posts.find({}, {sort: {time: -1}});
}

我认为它正试图直接访问该集合，这是允许的与不安全和自动发布启用，但一旦他们被禁用，它被拒绝访问。我认为另一件作品有问题：

I think that it is trying to access the collection directly, which it was allowed to do with "insecure" and "autopublish" enabled, but once they were disabled it was given access denied. Another piece I think is problematic:

else {
    Posts.insert({
    user: Meteor.user().profile.name,
    post: post.value,
    time: Date.now(),
});

我认为同样的事情正在发生：它正试图直接访问该集合，不允许这样做。

I think that the same sort of thing is happening: it is trying to access the collection directly, which it is not allowed to do.

我的问题是，我如何重新考虑它以便我不需要启用不安全和自动发布？

My question is, how do I re-factor it so that I do not need "insecure" and "autopublish" enabled?

谢谢。

编辑

决赛：

/** 
* Models
*/
Posts = new Meteor.Collection('posts');

posts = Posts

if (Meteor.isClient) {

    Meteor.subscribe('posts');


}

if (Meteor.isServer) {

    Meteor.publish('posts', function() {
        return posts.find({}, {time:-1, limit: 100});
   });


    posts.allow({

        insert: function (document) {
            return true;
        },
        update: function () {
            return false;
        },
        remove: function () {
            return false;
        }

    });

}

推荐答案

好的，所以这个问题分为两部分：

Ok, so there are two parts to this question:

自动发布

发布数据库在meteor中，您需要在项目的服务器端和客户端都有代码。假设您已实例化集合（ Posts = new Meteor.Collection（'posts'）），那么您需要

To publish databases in meteor, you need to have code on both the server-side, and client-side of the project. Assuming you have instantiated the collection (Posts = new Meteor.Collection('posts')), then you need

if (Meteor.isServer) {
    Meteor.publish('posts', function(subsargs) {
        //subsargs are args passed in the next section
        return posts.find()
        //or 
        return posts.find({}, {time:-1, limit: 5}) //etc
   })
}

然后是客户

if (Meteor.isClient) {
    Meteor.subscribe('posts', subsargs) //here is where you can pass arguments
}

不安全

不安全的目的是允许客户端不加选择地添加，修改和删除它想要的任何数据库条目。但是，大多数时候你不希望这样。删除不安全后，您需要在服务器上设置规则，详细说明谁可以执行哪些操作。这两个函数是db.allow和db.deny。例如

The purpose of insecure is to allow the client to indiscriminately add, modify, and remove any database entries it wants. However, most of the time you don't want that. Once you remove insecure, you need to set up rules on the server detailing who can do what. These two functions are db.allow and db.deny. E.g.

if (Meteor.isServer) {
    posts.allow({ 
        insert:function(userId, document) {
            if (userId === "ABCDEFGHIJKLMNOP") {  //e.g check if admin
                return true;
            }
            return false;
        },
        update: function(userId,doc,fieldNames,modifier) {
            if (fieldNames.length === 1 && fieldNames[0] === "post") { //they are only updating the post
                return true;
            }
            return false;
        },
        remove: function(userId, doc) {
            if (doc.user === userId) {  //if the creator is trying to remove it
                return true;
            }
            return false;
        }
    });
}

同样，db.deny的行为方式完全相同，除了响应 true 将表示不允许此操作

Likewise, db.deny will behave the exact same way, except a response of true will mean "do not allow this action"

希望这能解答您的所有问题

Hope this answers all your questions

这篇关于Meteor.js发布和订阅？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！