|
|
@@ -21,6 +21,13 @@ Posts.allow({
|
|
|
}
|
|
|
});
|
|
|
|
|
|
+Posts.deny({
|
|
|
+ update: function (userId, post, fieldNames) {
|
|
|
+ // _.without() is like PHP array_diff($source, ...$keys).
|
|
|
+ return (_.without(fieldNames, "url", "title").length > 0);
|
|
|
+ }
|
|
|
+});
|
|
|
+
|
|
|
// This is in lib/ instead of server/ for latency compensation.
|
|
|
Meteor.methods({
|
|
|
postInsert: function(postAttributes) {
|
