123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 |
- // Not a "var", to make it global.
- Posts = new Mongo.Collection('posts');
- Posts.allow({
- update: function (userId, post) {
- return ownsDocument(userId, post);
- },
- remove: function (userId, post) {
- return ownsDocument(userId, post);
- }
- });
- Posts.deny({
- update: function (userId, post, fieldNames) {
- // _.without() is like PHP array_diff($source, ...$keys).
- // May only edit the following two fields:
- return (_.without(fieldNames, "url", "title").length > 0);
- }
- });
- Posts.deny({
- // In a post edit, the update is performed by a $set modifier, with the same
- // fields as the base inserted post: url and title, so we can pass it to
- // the post validator as it currently stands.
- update: function (userId, post, fieldNames, modifier) {
- var errors = validatePost(modifier.$set);
- return errors.title || errors.url;
- }
- });
- validatePost = function (post) {
- var errors = {};
- if (!post.title) {
- errors.title = "Please fill in a headline";
- }
- if (!post.url) {
- errors.url = "Please fill in a URL";
- }
- return errors;
- };
- // This is in lib/ instead of server/ for latency compensation.
- Meteor.methods({
- postInsert: function(postAttributes) {
- "use strict";
- check(this.userId, String); // Or Meteor.userId() ?
- check(postAttributes, {
- title: String,
- url: String
- });
- var errors = validatePost(postAttributes);
- if (errors.title || errors.url) {
- throw new Meteor.Error('invalid-post',
- "You must set a title and URL for your post");
- }
- var postWithSameLink = Posts.findOne({ url: postAttributes.url });
- if (postWithSameLink) {
- // Return to skip the insert.
- return {
- postExists: true,
- _id: postWithSameLink._id
- };
- }
- var user = Meteor.user();
- var post = _.extend(postAttributes, {
- userId: user._id,
- author: user.username,
- submitted: new Date(),
- commentsCount: 0,
- upvoters: [],
- votes: 0
- });
- var postId = Posts.insert(post);
- return {
- _id: postId
- };
- },
- upvote: function (postId) {
- check(this.userId, Match.OneOf(null, String));
- check(postId, String);
- if (this.userId === null) {
- throw new Meteor.Error('invalid', 'Not logged in');
- }
- var affected = Posts.update({
- _id: postId,
- upvoters: { $ne: this.userId }
- }, {
- $addToSet: { upvoters: this.userId },
- $inc: { votes: 1 }
- });
- if (!affected) {
- throw new Meteor.Error('invalid', "You weren't able to upvote that post");
- }
- }
- });
|