Bladeren bron

Commit 8-3: Only allow changing certain fields of posts.

Frederic G. MARAND 9 jaren geleden
bovenliggende
commit
6c80258167
1 gewijzigde bestanden met toevoegingen van 7 en 0 verwijderingen
  1. 7 0
      lib/collections/posts.js

+ 7 - 0
lib/collections/posts.js

@@ -21,6 +21,13 @@ Posts.allow({
   }
 });
 
+Posts.deny({
+  update: function (userId, post, fieldNames) {
+    // _.without() is like PHP array_diff($source, ...$keys).
+    return (_.without(fieldNames, "url", "title").length > 0);
+  }
+});
+
 // This is in lib/ instead of server/ for latency compensation.
 Meteor.methods({
   postInsert: function(postAttributes) {