我正在尝试使用 Collection.allow 功能从客户端更新集合。我正在尝试验证用户没有做坏事,除非我为文档应该是什么的论点得到空值。
服务器代码
Comments = new Meteor.Collection("comments");
if(Meteor.isServer){
Comments.allow({
insert: function (userId, doc) {
return userId === doc.owner;
},
update: function (userId, doc, fields, modifier) {
console.log("UPDATING doc: "+ JSON.stringify(doc)); // NULL GAAARNGAD
_(modifier).each( function( value, key, modifier ) { // for each modifier
console.log(JSON.stringify(key) + " - " + JSON.stringify(value));
var ch_feilds = _.keys(value); // array of fields that are requested to be changed.
var vote_feilds = ['upvoters', 'downvoters']; // feilds that can be changed by pull and addToSet
var count_feilds = ['upc', 'downc', 'score'];
switch(key){
case "$pull":
case "$addToSet":
// If adding there are fields attempted to be modified by pull or addtoset that aren't
// in the allowed fields, reject update
if(_.union(ch_feilds, vote_feilds).length != vote_feilds.length) return false;
// make sure they aren't attempting to vote for someone else.
for(var i = 0; i < ch_feilds.length; i++)
if(ch_feilds[i] != userId) return false;
break;
case "$set":
// If the union of feilds to chang and the feilds set can change yeilds larger results
// than allowed fields, this should be rejected.
if(_.union(ch_feilds, count_feilds).length != count_feilds.length) return false;
// Make sure the scores line up
if(doc.upc != doc.upvoters.length ||
doc.downc != doc.downvoters.length ||
doc.score != doc.upc - doc.downc)
return false;
break;
default:
return false;
}
});
console.log(JSON.stringify({userId: userId, doc: doc, fields: fields, modifier: modifier}));
console.log("Update Successful");
return true;
},
remove: function (userId, doc) {
return false;
},
//fetch: ["owner"],
transform: function () {
//...
}
});
}
这是客户端代码
function upvote(Comments, comment_id){
var comment = Comments.findOne({_id: comment_id});
console.log(JSON.stringify(comment));
if(comment){
comment.upvoters = _.unique(comment.upvoters.push(Meteor.user()["_id"]));
comment.downvoters = _.without(comment.downvoters, Meteor.user()["_id"]);
Comments.update(
{_id: comment_id},
{
$addToSet: {upvoters: Meteor.user()["_id"]},
$pull: {downvoters: Meteor.user()["_id"]},
$set: {
upc: comment.upvoters.length,
downc: comment.downvoters.length,
score: comment.upvoters.length - comment.downvoters.length
}
}
);
}
//update_vote_count(comment_id);
//console.log(comment_id + ' upvoted');
};