|
@@ -10,9 +10,25 @@
|
|
|
// Not a "var", to make it global.
|
|
|
Posts = new Mongo.Collection('posts');
|
|
|
|
|
|
-Posts.allow({
|
|
|
- insert: function (userId, doc) {
|
|
|
- // Only allow insert to logged-in users
|
|
|
- return !!userId;
|
|
|
+// Removed Posts.allow : we no longer trigger inserts from client.
|
|
|
+
|
|
|
+// This is in lib/ instead of server/ for latency compensation (?).
|
|
|
+Meteor.methods({
|
|
|
+ postInsert: function(postAttributes) {
|
|
|
+ check(Meteor.userId(), String);
|
|
|
+ check(postAttributes, {
|
|
|
+ title: String,
|
|
|
+ url: String
|
|
|
+ });
|
|
|
+ var user = Meteor.user();
|
|
|
+ var post = _.extend(postAttributes, {
|
|
|
+ userId: user._id,
|
|
|
+ author: user.username,
|
|
|
+ submitted: new Date()
|
|
|
+ });
|
|
|
+ var postId = Posts.insert(post);
|
|
|
+ return {
|
|
|
+ _id: postId
|
|
|
+ };
|
|
|
}
|
|
|
});
|