Skip to content
Permalink
Browse files

Added basic permission to check the post's owner.

chapter8-2
  • Loading branch information
tmeasday committed Oct 19, 2015
1 parent 85f91b0 commit b45a1301e91012257c6f6294cbe509d3c9eca8b4
Showing with 9 additions and 0 deletions.
  1. +5 −0 lib/collections/posts.js
  2. +4 −0 lib/permissions.js
@@ -1,5 +1,10 @@
Posts = new Mongo.Collection('posts');

Posts.allow({
update: function(userId, post) { return ownsDocument(userId, post); },
remove: function(userId, post) { return ownsDocument(userId, post); },
});

Meteor.methods({
postInsert: function(postAttributes) {
check(this.userId, String);
@@ -0,0 +1,4 @@
// check that the userId specified owns the documents
ownsDocument = function(userId, doc) {
return doc && doc.userId === userId;
}

0 comments on commit b45a130

Please sign in to comment.
You can’t perform that action at this time.