Commit 3e761f11bcf5242c11d8e5da06491adf7570c844
1 parent
c6f9c2127c
Exists in
master
Update example collection to explicitly deny any client side operations. Fixes #19.
Add allow/deny rules for Meteor.users collection to prevent any client side operations. Fixes #7.
Showing
2 changed files
with
55 additions
and
12 deletions
Show diff stats
collections/example.js
| ... | ... | @@ -5,14 +5,17 @@ Example = new Meteor.Collection('example'); |
| 5 | 5 | */ |
| 6 | 6 | |
| 7 | 7 | Example.allow({ |
| 8 | - insert: function(userId, doc){ | |
| 9 | - // Add your rules here. | |
| 8 | + insert: function(){ | |
| 9 | + // Disallow inserts on the client by default. | |
| 10 | + return false; | |
| 10 | 11 | }, |
| 11 | - update: function(userId, doc, fields, modifier){ | |
| 12 | - // Add your rules here. | |
| 12 | + update: function(){ | |
| 13 | + // Disallow updates on the client by default. | |
| 14 | + return false; | |
| 13 | 15 | }, |
| 14 | - remove: function(userId, doc){ | |
| 15 | - // Add your rules here. | |
| 16 | + remove: function(){ | |
| 17 | + // Disallow removes on the client by default. | |
| 18 | + return false; | |
| 16 | 19 | } |
| 17 | 20 | }); |
| 18 | 21 | |
| ... | ... | @@ -21,13 +24,16 @@ Example.allow({ |
| 21 | 24 | */ |
| 22 | 25 | |
| 23 | 26 | Example.deny({ |
| 24 | - insert: function(userId, doc){ | |
| 25 | - // Add your rules here. | |
| 27 | + insert: function(){ | |
| 28 | + // Deny inserts on the client by default. | |
| 29 | + return true; | |
| 26 | 30 | }, |
| 27 | - update: function(userId, doc, fields, modifier){ | |
| 28 | - // Add your rules here. | |
| 31 | + update: function(){ | |
| 32 | + // Deny updates on the client by default. | |
| 33 | + return true; | |
| 29 | 34 | }, |
| 30 | - remove: function(userId, doc){ | |
| 31 | - // Add your rules here. | |
| 35 | + remove: function(){ | |
| 36 | + // Deny removes on the client by default. | |
| 37 | + return true; | |
| 32 | 38 | } |
| 33 | 39 | }); | ... | ... |
collections/users.js
| ... | ... | @@ -0,0 +1,37 @@ |
| 1 | +/* | |
| 2 | +* Allow | |
| 3 | +*/ | |
| 4 | + | |
| 5 | +Meteor.users.allow({ | |
| 6 | + insert: function(){ | |
| 7 | + // Disallow user inserts on the client by default. | |
| 8 | + return false; | |
| 9 | + }, | |
| 10 | + update: function(){ | |
| 11 | + // Disallow user updates on the client by default. | |
| 12 | + return false; | |
| 13 | + }, | |
| 14 | + remove: function(){ | |
| 15 | + // Disallow user removes on the client by default. | |
| 16 | + return false; | |
| 17 | + } | |
| 18 | +}); | |
| 19 | + | |
| 20 | +/* | |
| 21 | +* Deny | |
| 22 | +*/ | |
| 23 | + | |
| 24 | +Meteor.users.deny({ | |
| 25 | + insert: function(){ | |
| 26 | + // Deny user inserts on the client by default. | |
| 27 | + return true; | |
| 28 | + }, | |
| 29 | + update: function(){ | |
| 30 | + // Deny user updates on the client by default. | |
| 31 | + return true; | |
| 32 | + }, | |
| 33 | + remove: function(){ | |
| 34 | + // Deny user removes on the client by default. | |
| 35 | + return true; | |
| 36 | + } | |
| 37 | +}); | ... | ... |