Allow updating a specific collection property

Question

Allow updating a specific collection property

I’m trying to add the “ratings” property to the collection and want ANY user (and not just the owner) to add the rating to the ratings set in the collection. My problem is that I have permission / prohibition rules set only so that only the owner can perform updates for their own collections. Is there a way to allow any user to update the collection only if they update a specific property (a set of "ratings") and deny them access to the update if they try to update any other property.

My allow / deny rules on the server are as follows:

Playlists.allow({ insert: function(userId, doc) { return (userId && doc.owner === userId); }, update: function (userId, docs, fields, modifier) { return _.all(docs, function(doc) { return doc.owner === userId; }); }, remove: function (userId, docs) { return _.all(docs, function(doc) { return doc.owner === userId; }); } }); Playlists.deny({ update: function (userId, docs, fields, modifier) { return _.contains(fields, 'owner'); }, remove: function (userId, docs) { return _.any(docs, function (doc) { return doc.locked; }); }, fetch: ['locked'] });

+4

meteor

fakepancake Mar 18 '13 at 3:14

source share

2 answers

Rahul · Answer 1 · 2013-03-18T10:00:09+0000

In Playlists.deny.update you can change the logic so that it first checks to see if anyone is trying to change the ratings property (for example, using $addToSet ) and return false if that is the case. Thus, you will get the code as follows:

  Playlists.deny({ update: function(userId, docs, fields, modifier) { if (fields.ratings && modifier["$addToSet"] && modifier["$addToSet"].ratings) { return false; // don't deny this } else { return _.contains(fields, 'owner'); } } });

Jboulhous · Answer 2 · 2013-03-18T10:02:57+0000

Create Meteor.methods ({updateRatePlaylist: myUpdateRatePlaylistFunction})

Allow updating a specific collection property

More articles: