Reputation: 197
Meteor JS - allow/deny rules
In the example app "parties" there is a set of allow/deny rules for Parties collection.
The rule for insert looks like this:
Parties.allow({
insert: function (userId, party) {
return false; // no cowboy inserts -- use createParty method
},...
At the same time method createParty, implements Parties.insert({....}) which is somehow not affected by the rules applied to the Parties collection.
.....
return Parties.insert({
owner: this.userId,
x: options.x,
y: options.y,
title: options.title,
description: options.description,
public: !! options.public,
invited: [],
rsvps: []
});
.....
Could someone explain why createParty method is not affected by rules?
Thank you.
Upvotes: 5
Views: 2382
Answers (1)
Reputation: 75955
The createParty is in Meteor.methods which is run on the server as well as the client's end by calling a Meteor.call('createParties') from the client. On the client it will not insert any data but the method running on the server will insert the party.
Meteors allow and deny rules control what comes from the client's end directly and don't apply for anything running on the server's end.
Upvotes: 10
Related Questions
- Meteor, Angular, and Allow/Deny
- Meteor how to debug allow/deny
- Meteor allow/ deny rules
- .deny Meteor use.. can't get it to work
- Meteor.users.allow never fires, but Meteor.users.deny works
- internal server error when defining allow/deny rules with meteor
- See the updated document in allow / deny rule in Meteor.js
- allow and deny parameters in collections
- Where should I put allow and deny rules in Meteor.js?
- meteor allow rules