Meteor.js发布和订阅?
[英]Meteor.js Publishing and Subscribing?
问题描述
Okay, so I am a bit confused about something with Meteor.js. 
好的,所以我对Meteor.js的某些事情感到困惑。 I created a site with it to test the various concepts, and it worked fine. 我用它创建了一个网站来测试各种概念,它运行良好。 Once I removed "insecure" and "autopublish", I get multiple "access denied" errors when trying to retrieve and push to the server. 一旦我删除了“不安全”和“自动发布”,我在尝试检索并推送到服务器时会收到多个“拒绝访问”错误。 I belive it has something to do with the following snippet: 我相信它与以下代码段有关:
Template.posts.posts = function () {
return Posts.find({}, {sort: {time: -1}});
}
I think that it is trying to access the collection directly, which it was allowed to do with "insecure" and "autopublish" enabled, but once they were disabled it was given access denied. 我认为它正在尝试直接访问该集合,允许它启用“不安全”和“自动发布”,但是一旦它们被禁用,它就会被拒绝访问。 Another piece I think is problematic: 我认为另一件作品存在问题:
else {
Posts.insert({
user: Meteor.user().profile.name,
post: post.value,
time: Date.now(),
});
I think that the same sort of thing is happening: it is trying to access the collection directly, which it is not allowed to do. 我认为同样的事情正在发生:它试图直接访问集合,这是不允许的。
My question is, how do I re-factor it so that I do not need "insecure" and "autopublish" enabled? 我的问题是,我如何重新考虑它,以便我不需要启用“不安全”和“自动发布”?
Thanks. 谢谢。
EDIT 编辑
Final: 最后:
/**
* Models
*/
Posts = new Meteor.Collection('posts');
posts = Posts
if (Meteor.isClient) {
Meteor.subscribe('posts');
}
if (Meteor.isServer) {
Meteor.publish('posts', function() {
return posts.find({}, {time:-1, limit: 100});
});
posts.allow({
insert: function (document) {
return true;
},
update: function () {
return false;
},
remove: function () {
return false;
}
});
}
1 个解决方案
解决方案1
7 已采纳 2013-09-22 18:54:03
Ok, so there are two parts to this question: 好的,这个问题有两个部分:
Autopublish 自动发布
To publish databases in meteor, you need to have code on both the server-side, and client-side of the project. 要在meteor中发布数据库,您需要在项目的服务器端和客户端都有代码。 Assuming you have instantiated the collection ( Posts = new Meteor.Collection('posts') ), then you need 假设你已经实例化了该集合( Posts = new Meteor.Collection('posts') ),那么你需要
if (Meteor.isServer) {
Meteor.publish('posts', function(subsargs) {
//subsargs are args passed in the next section
return posts.find()
//or
return posts.find({}, {time:-1, limit: 5}) //etc
})
}
Then for the client 然后为客户
if (Meteor.isClient) {
Meteor.subscribe('posts', subsargs) //here is where you can pass arguments
}
Insecure 不安全
The purpose of insecure is to allow the client to indiscriminately add, modify, and remove any database entries it wants. 不安全的目的是允许客户端不加选择地添加,修改和删除它想要的任何数据库条目。 However, most of the time you don't want that. 但是,大多数时候你不希望这样。 Once you remove insecure, you need to set up rules on the server detailing who can do what. 删除不安全后,您需要在服务器上设置规则,详细说明谁可以执行哪些操作。 These two functions are db.allow and db.deny. 这两个函数是db.allow和db.deny。 Eg 例如
if (Meteor.isServer) {
posts.allow({
insert:function(userId, document) {
if (userId === "ABCDEFGHIJKLMNOP") { //e.g check if admin
return true;
}
return false;
},
update: function(userId,doc,fieldNames,modifier) {
if (fieldNames.length === 1 && fieldNames[0] === "post") { //they are only updating the post
return true;
}
return false;
},
remove: function(userId, doc) {
if (doc.user === userId) { //if the creator is trying to remove it
return true;
}
return false;
}
});
}
Likewise, db.deny will behave the exact same way, except a response of true will mean "do not allow this action" 同样,db.deny的行为方式完全相同,但响应为true意味着“不允许此操作”
Hope this answers all your questions 希望这能回答你所有的问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.