Home Verkennen Help
Inloggen
fgm
/
meteor__coursera-meteor-1
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0
Aftakking: final
Aftakkingen Labels
meteor__courser...
/
server
/
collections.js

collections.js 2.3 KB
Permalink Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. Websites.allow({
    2. 

  2.   insert: function (userId, doc) {
    3. 

  3.     // Ensure sane arguments.
    4. 

  4.     check(doc, {
    5. 

  5.       url: String,
    6. 

  6.       title: String,
    7. 

  7.       description: String,
    8. 

  8.       poster: Object,
    9. 

  9.       postDate: Date,
    10. 

  10.       words: String
    11. 

  11.     });
    12. 

  12. 

  13.     // Reject anonymous inserts.
    14. 

  14.     if (!userId) {
    15. 

  15.       throw new Meteor.Error("logged-out", "User must be logged in to post a site.");
    16. 

  16.       // return false;
    17. 

  17.     }
    18. 

  18. 

  19.     // Reject non-new inserts.
    20. 

  20.     const url = doc.url;
    21. 

  21. 

  22.     if (Websites.findOne({ url })) {
    23. 

  23.       throw new Meteor.Error("duplicate", "User may only post new sites.");
    24. 

  24.       // return false;
    25. 

  25.     }
    26. 

  26. 

  27.     // Reject wrong-looking URLs
    28. 

  28.     // TODO: find a validation package usable server-side.
    29. 

  29.     // The popular themeteorchef:jquery-validation appears to be client-only.
    30. 

  30.     // For now using a very limited check.
    31. 

  31.     const URL_BOGO_REGEX = /^https?:\/\/.+$/;
    32. 

  32.     if (!URL_BOGO_REGEX.test(doc.url)) {
    33. 

  33.       throw new Meteor.Error("bad-url", "Users may only post http(s) URLs.");
    34. 

  34.       // return false;
    35. 

  35.     }
    36. 

  36. 

  37.     // Reject empty titles and descriptions.
    38. 

  38.     if (doc.title === "") {
    39. 

  39.       throw new Meteor.Error("empty-title", "Title may not be empty");
    40. 

  40.       // return false;
    41. 

  41.     }
    42. 

  42. 

  43.     if (doc.description === "") {
    44. 

  44.       throw new Meteor.Error("empty-description", "Description may not be empty");
    45. 

  45.       // return false;
    46. 

  46.     }
    47. 

  47. 

  48.     return true;
    49. 

  49.   },
    50. 

  50. 

  51.   /**
    52. 

  52.    * Access check for update operations. NOT SAFE: needs deeper modifier checks.
    53. 

  53.    *
    54. 

  54.    * @param {String} userId
    55. 

  55.    *   The user attempting the modification.
    56. 

  56.    * @param {Object} doc
    57. 

  57.    *   The original document to modify.
    58. 

  58.    * @param {Array} fields
    59. 

  59.    *   The list of affected fields.
    60. 

  60.    * @param {Object} modifier
    61. 

  61.    *   The MongoDB update modifier.
    62. 

  62.    * @returns {boolean}
    63. 

  63.    *   True to allow update.
    64. 

  64.    */
    65. 

  65.   update: function (userId, doc, fields, modifier) {
    66. 

  66.     if (!userId) {
    67. 

  67.       throw new Meteor.Error("logged-out", "User must be logged to vote on a site.");
    68. 

  68.     }
    69. 

  69.     const orderedFields = fields.sort();
    70. 

  70.     if (!_.isEqual(orderedFields, ["minus", "minusScore"]) &&
    71. 

  71.       !_.isEqual(orderedFields, ["plus", "plusScore"]) &&
    72. 

  72.       !_.isEqual(orderedFields, ["minus", "minusScore", "plus", "plusScore"]) &&
    73. 

  73.       !_.isEqual(orderedFields, ["comments"])) {
    74. 

  74.       throw new Meteor.Error("invalid-field", "May only update minus[Score] and plus[Score] or comments.");
    75. 

  75.     }
    76. 

  76. 

  77.     // FIXME : check modifier.
    78. 

  78.     return true;
    79. 

  79.   }
    80. 

  80. });
    81.