Meteor 方法的安全性，同时也允许服务器运行代码 [英] Security for Meteor methods while allowing server to run code too

问题描述

我有一个方法，我只希望管理员能够调用它，但我也希望它在 Meteor.onStartup() 中运行.我该怎么做?

I have a method that I'd only like admins to be able to call, but I also want it to run in Meteor.onStartup(). How can I do this?

我为作为管理员的用户文档添加了 "isAdmin": true 并在方法的开头添加了一个 if 语句，只有管理员才能调用该语句来检查该用户是否确实是管理员.这很好用，只是我也想在 onStartup 中调用此方法，但由于运行 onStartup 代码时没有用户，因此无法调用该方法.我该如何解决这个问题?

I've added "isAdmin": true to user documents that are admins and added an if statement to the beginning of methods that only admin should be able to call to check that this user is indeed an admin. This works great except that I want to call this method in onStartup too, but since there is no user when the onStartup code is run, the method can't be called. How can I get around this?

谢谢

推荐答案

将你的共享代码(在方法和启动函数中都运行)重构为一个单独的函数，并在两个地方使用它:

Refactor your shared code (that is run both in the method and in the startup function) into a separate function, and use it in both places:

var sharedFunction = function() {
  // do something
};

Meteor.methods({
  "foo": function() {
    if (Meteor.user().isAdmin) {
      sharedFunction();
    }
  }
}

Meteor.startup(sharedFunction);

这篇关于Meteor 方法的安全性，同时也允许服务器运行代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！