0

我正在尝试使用 Collection.allow 功能从客户端更新集合。我正在尝试验证用户没有做坏事,除非我为文档应该是什么的论点得到空值。

服务器代码

Comments = new Meteor.Collection("comments");
if(Meteor.isServer){
    Comments.allow({
        insert: function (userId, doc) {
            return userId === doc.owner;
        },
        update: function (userId, doc, fields, modifier) {

            console.log("UPDATING doc: "+ JSON.stringify(doc)); // NULL GAAARNGAD
            _(modifier).each( function( value, key, modifier ) { // for each modifier
                console.log(JSON.stringify(key) + " - " + JSON.stringify(value));
                var ch_feilds = _.keys(value); // array of fields that are requested to be changed.
                var vote_feilds = ['upvoters', 'downvoters']; // feilds that can be changed by pull and addToSet
                var count_feilds = ['upc', 'downc', 'score'];
                switch(key){
                    case "$pull":
                    case "$addToSet":
                        // If adding there are fields attempted to be modified by pull or addtoset that aren't 
                        // in the allowed fields, reject update
                        if(_.union(ch_feilds, vote_feilds).length != vote_feilds.length) return false;
                        // make sure they aren't attempting to vote for someone else.
                        for(var i = 0; i < ch_feilds.length; i++)
                            if(ch_feilds[i] != userId) return false;
                        break;
                    case "$set":
                        // If the union of feilds to chang and the feilds set can change yeilds larger results
                        // than allowed fields, this should be rejected.
                        if(_.union(ch_feilds, count_feilds).length != count_feilds.length) return false;
                        // Make sure the scores line up
                        if(doc.upc != doc.upvoters.length ||
                            doc.downc != doc.downvoters.length ||
                            doc.score != doc.upc - doc.downc)
                            return false;
                        break;
                    default:
                        return false;
                }
            });

             console.log(JSON.stringify({userId: userId, doc: doc, fields: fields, modifier: modifier}));
             console.log("Update Successful");
            return true;
        },
        remove: function (userId, doc) {
            return false;
        },
        //fetch: ["owner"],
        transform: function () {
            //...
        }
    });
}

这是客户端代码

function upvote(Comments, comment_id){
  var comment = Comments.findOne({_id: comment_id});
  console.log(JSON.stringify(comment));
  if(comment){
    comment.upvoters = _.unique(comment.upvoters.push(Meteor.user()["_id"]));
    comment.downvoters = _.without(comment.downvoters, Meteor.user()["_id"]);
    Comments.update(
      {_id: comment_id},
      {
        $addToSet: {upvoters: Meteor.user()["_id"]},
        $pull: {downvoters: Meteor.user()["_id"]},
        $set: {
          upc: comment.upvoters.length,
          downc: comment.downvoters.length,
          score: comment.upvoters.length - comment.downvoters.length
        }
      }
    );
  }
  //update_vote_count(comment_id);
//console.log(comment_id + ' upvoted');
};
4

0 回答 0