/**
* @file
*
*
* User: marand
* Date: 30/08/15
* Time: 10:48
*/
// Not a "var", to make it global.
Posts = new Mongo.Collection('posts');
// Removed Posts.allow : we no longer trigger inserts from client.
Posts.allow({
update: function (userId, post) {
return ownsDocument(userId, post);
},
remove: function (userId, post) {
return ownsDocument(userId, post);
}
});
Posts.deny({
update: function (userId, post, fieldNames) {
// _.without() is like PHP array_diff($source, ...$keys).
return (_.without(fieldNames, "url", "title").length > 0);
}
});
Posts.deny({
// In a post edit, the update is performed by a $set modifier, with the same
// fields as the base inserted post: url and title, so we can pass it to
// the post validator as it currently stands.
update: function (userId, post, fieldNames, modifier) {
var errors = validatePost(modifier.$set);
return errors.title || errors.url;
}
});
// This is in lib/ instead of server/ for latency compensation.
Meteor.methods({
postInsert: function(postAttributes) {
"use strict";
check(Meteor.userId(), String);
check(postAttributes, {
title: String,
url: String
});
var errors = validatePost(postAttributes);
if (errors.title || errors.url) {
throw new Meteor.Error('invalid-post',
"You must set a title and URL for your post");
}
var postWithSameLink = Posts.findOne({ url: postAttributes.url });
if (postWithSameLink) {
// Return to skip the insert.
return {
postExists: true,
_id: postWithSameLink._id
};
}
var user = Meteor.user();
var post = _.extend(postAttributes, {
userId: user._id,
author: user.username,
submitted: new Date()
});
var postId = Posts.insert(post);
return {
_id: postId
};
}
});
validatePost = function (post) {
var errors = {};
if (!post.title) {
errors.title = "Please fill in a headline";
}
if (!post.url) {
errors.url = "Please fill in a URL";
}
return errors;
};