@@ -21,6 +21,13 @@ Posts.allow({
}
});
+Posts.deny({
+ update: function (userId, post, fieldNames) {
+ // _.without() is like PHP array_diff($source, ...$keys).
+ return (_.without(fieldNames, "url", "title").length > 0);
+ }
+});
+
// This is in lib/ instead of server/ for latency compensation.
Meteor.methods({
postInsert: function(postAttributes) {
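Review bot: The new `Posts.deny` update rule limits which top-level fields a client may touch, but it does not constrain how they are modified or what is written into them. Meteor passes the raw Mongo modifier as a fourth argument, which this callback never reads, so an update that uses an operator other than `$set`, or sets `title` or `url` to a non-string value, is still accepted as long as the `Posts.allow` rule above (its body starts outside this hunk) passes. I would take the extra parameter, `update: function (userId, post, fieldNames, modifier) {`, and also deny when `!_.isEqual(_.keys(modifier), ["$set"]) || !_.every(modifier.$set, _.isString)`. If `url` is later rendered as a link, a scheme check (http/https only) belongs here too, since client-side updates do not go through a server method the way `postInsert` does. A short comment that a deny callback returning `true` rejects the write would also help, because the existing comment only explains `_.without()`.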