Reputation: 6469
MeteorJS - How to prevent anonymous clients from Subscribing to a collection?
I'm using Meteor to create a web application.
The issue I'm dealing with is that I have a collection named Books, and I want it to be only available to the logged in users, and not for the anonymous users.
This is what I do:
if (Meteor.userId()) Meteor.subscribe('Books');
But this is not the best solution, because anonymous users can still get the Books collection information by opening up their browser console and calling Meteor.subscribe('Books');.
Unfortunately this is the only solution I can think of so far. I've heard of Meteor's allow and deny, but they seem to only affect when users insert, update, or remove on a collection (not preventing users from subscribing to a collection).
Upvotes: 2
Views: 95
Answers (1)
Reputation: 27423
You can restrict the subscriptions to logged in users from the server side, as follows:
From Meteor & Security: Setting the Record Straight by Sacha Greif:
Only publish posts if a user is logged in:
Meteor.publish('posts', function() { if(this.userId){ return Posts.find(); } });
In your case you need to change posts to books, properly capitalized to match other code.
This will cause manual attempts to subscribe while anonymous to come up empty.
Upvotes: 2
Related Questions
- How to properly subscribe to collection on Meteor client side?
- Return All Meteor Users Except The Current User?
- Changing a Meteor collection subscription for all clients
- How can a server subscribe to a collection from the client?
- Discover meteor-Unsubscribe?
- MeteorJS - How to prevent UnloggedIn Users from fetching database?
- meteorjs stop subscribtion of collection
- Subscribing to Meteor.Users Collection
- Meteor - Publish/Subscribe to user data while not logged in
- Meteor.js: Client doesn't subscribe to collection