Login/Register
Insert using Autoform with insecure removed
Asked Answered
javascriptmeteorschemameteor-autoform
G

1

7

I've been using Collection2 and Autoform on my Meteor project, made things a lot easier!

However, when I remove insecure, it no longer inserts (Autoform submit button). I expected this!

However, I've searched and I cannot find the standard way of getting this to work? I have a schema defined in the lib folder, and my Autoform as a quick form in a template.i know I need to either allow client side inserting (which I'd rather not do) or transfer it to server side (perhaps with a method?)

Any suggestions would be much appreciated! I'm looking for the standard way of implementing it.

Glaswegian answered 3/12, 2014 at 21:7 Comment(1)
Yes I had attached the Schema, but it didn't work with insecure off for some reason. Mentioned here by the author that you have to define your own allow / deny rules if insecure is off: github.com/aldeed/meteor-autoform/issues/380Glaswegian
G
10

Found my own answer after much digging. Created an allow rules for insert, update, and remove:

Posts = new Mongo.Collection('posts');

//SECURITY - Allow Callbacks for posting

Posts.allow({
  insert: function(userId, doc) {
    // only allow posting if you are logged in
    return !! userId; 
  },
  update: function(userId, doc) {
    // only allow updating if you are logged in
    return !! userId; 
  },
  remove: function(userID, doc) {
    //only allow deleting if you are owner
    return doc.submittedById === Meteor.userId();
  }
});

//Schema then defined as usual

Just a note, submittedById is the field in my collection that keeps the userId. If you've called it something different, change that!

Hope this helps someone with a similar issue.

Glaswegian answered 4/12, 2014 at 11:22 Comment(1)
Thanks, this helped me! Also, I put this allow/deny code in the shared (client/server) folder.Pinwork

© 2022 - 2024 — McMap. All rights reserved.