CODEWITHSUNDEEP
meteor
Dimitri Mestdagh
Dimitri Mestdagh

Reputation: 44745

Meteor filter collection

I'm trying to secure accessing a specific collection but I'm having troubles doing it. I have no problems disabling the insert, update and delete with the Collection.allow() map.

The problem is that I also want to filter the results returned by the Collection.find() and Collection.findOne() function. I read about the Meteor.publish() and Meteor.subscribe() stuff, but somehow I cannot make it work (it's not getting filtered, I just can see all the results).

In my server-code I do the following:

Groups = new Meteor.Collection("groups");
Meteor.publish("myGroups", function() {
    if (Functions.isAdmin(userId)) {
        return Groups.find({
            sort: {
                name: 1
            }
        }); 
    }
});

The function I'm using really works (so it's not that it's always returning true).

In the client-code I wrote the following:

Meteor.subscribe("myGroups");
Groups = new Meteor.Collection("groups");

Now when I do Groups.find{}); at the client I still get all results (and I should get no result).

Am I misunderstanding something or doing something wrong? I could of course make the collection completely server-side and use Meteor.methods() and Meteor.call() to get the collection data (so that it's always encapsulated by the server). But I really thought it would be cool that I didn't have to do that.

Also I wonder why this can't be done on the same level as insert/update/remove with Collection.allow(). I mean, it would be could that we could have the possibility to add a filter to the map for reading data through find/findOne.

Upvotes: 1

Views: 1208

Answers (1)

Dimitri Mestdagh
Dimitri Mestdagh

Reputation: 44745

Like @Tarang said, removing autopublish by executing the following command works:

meteor remove autopublish

Upvotes: 0

Related Questions