Strona główna Odkrywaj Pomoc
Zaloguj się
fgm
/
meteor__coursera-meteor-1
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0
Drzewo: ab2c9921f2
Gałęzie Tagi
meteor__courser...
/
server
/
collections.js

collections.js 2.1 KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. Websites.allow({
    2. 

  2.   insert: function (userId, doc) {
    3. 

  3.     // Ensure sane arguments.
    4. 

  4.     check(doc, {
    5. 

  5.       url: String,
    6. 

  6.       title: String,
    7. 

  7.       description: String
    8. 

  8.     });
    9. 

  9. 

  10.     // Reject anonymous inserts.
    11. 

  11.     if (!userId) {
    12. 

  12.       throw new Meteor.Error("logged-out", "User must be logged in to post a site.");
    13. 

  13.       // return false;
    14. 

  14.     }
    15. 

  15. 

  16.     // Reject non-new inserts.
    17. 

  17.     const url = doc.url;
    18. 

  18. 

  19.     if (Websites.findOne({ url })) {
    20. 

  20.       throw new Meteor.Error("duplicate", "User may only post new sites.");
    21. 

  21.       // return false;
    22. 

  22.     }
    23. 

  23. 

  24.     // Reject wrong-looking URLs
    25. 

  25.     // TODO: find a validation package usable server-side.
    26. 

  26.     // The popular themeteorchef:jquery-validation appears to be client-only.
    27. 

  27.     // For now using a very limited check.
    28. 

  28.     const URL_BOGO_REGEX = /^https?:\/\/.+$/;
    29. 

  29.     if (!URL_BOGO_REGEX.test(doc.url)) {
    30. 

  30.       throw new Meteor.Error("bad-url", "Users may only post http(s) URLs.");
    31. 

  31.       // return false;
    32. 

  32.     }
    33. 

  33. 

  34.     // Reject empty titles and descriptions.
    35. 

  35.     if (doc.title === "") {
    36. 

  36.       throw new Meteor.Error("empty-title", "Title may not be empty");
    37. 

  37.       // return false;
    38. 

  38.     }
    39. 

  39. 

  40.     if (doc.description === "") {
    41. 

  41.       throw new Meteor.Error("empty-description", "Description may not be empty");
    42. 

  42.       // return false;
    43. 

  43.     }
    44. 

  44. 

  45.     return true;
    46. 

  46.   },
    47. 

  47. 

  48.   /**
    49. 

  49.    * Access check for update operations. NOT SAFE: needs deeper modifier checks.
    50. 

  50.    *
    51. 

  51.    * @param {String} userId
    52. 

  52.    *   The user attempting the modification.
    53. 

  53.    * @param {Object} doc
    54. 

  54.    *   The original document to modify.
    55. 

  55.    * @param {Array} fields
    56. 

  56.    *   The list of affected fields.
    57. 

  57.    * @param {Object} modifier
    58. 

  58.    *   The MongoDB update modifier.
    59. 

  59.    * @returns {boolean}
    60. 

  60.    *   True to allow update.
    61. 

  61.    */
    62. 

  62.   update: function (userId, doc, fields, modifier) {
    63. 

  63.     if (!userId) {
    64. 

  64.       throw new Meteor.Error("logged-out", "User must be logged to vote on a site.");
    65. 

  65.     }
    66. 

  66.     const orderedFields = fields.sort();
    67. 

  67.     if (!_.isEqual(orderedFields, ["minus", "plus"])) {
    68. 

  68.       throw new Meteor.Error("invalid-field", "May only update minus and plus.");
    69. 

  69.     }
    70. 

  70. 

  71.     // FIXME : check modifier.
    72. 

  72.     return true;
    73. 

  73.   }
    74. 

  74. });
    75.