
Added basic permission to check the post's owner.

chapter8-2
tmeasday committed Apr 8, 2013
1 parent 85f91b0 commit b45a1301e91012257c6f6294cbe509d3c9eca8b4
Showing with 9 additions and 0 deletions.
  1. +5 −0 lib/collections/posts.js
  2. +4 −0 lib/permissions.js
@@ -1,5 +1,10 @@
Posts = new Mongo.Collection('posts');
+Posts.allow({
+ update: function(userId, post) { return ownsDocument(userId, post); },
+ remove: function(userId, post) { return ownsDocument(userId, post); },
+});
+
Meteor.methods({
postInsert: function(postAttributes) {
check(this.userId, String);
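Review bot: The `update` rule in `Posts.allow` checks only that the caller owns the post, not which fields are being changed, so an owner can send a client-side update that rewrites any field, including `userId` itself. Meteor passes the modified top-level field names as the third argument to allow/deny callbacks, so a companion `Posts.deny({ update: function(userId, post, fieldNames) { ... } })` that rejects any field outside an explicit list of editable ones would close this. The `Meteor.methods` block continues outside the hunk, so how `postInsert` sets `userId` cannot be confirmed from here.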
@@ -0,0 +1,4 @@
+// check that the userId specified owns the documents
+ownsDocument = function(userId, doc) {
+ return doc && doc.userId === userId;
+}
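Review bot: `ownsDocument` returns true when `doc.userId` and `userId` are both `null`, and Meteor passes `null` as `userId` to allow callbacks for clients that are not logged in, so a document stored with an explicit null owner would pass the check anonymously. Nothing visible here creates such documents, but the helper is written generically for any collection, so I would guard it: `return !!userId && !!doc && doc.userId === userId;`. That also makes the result a strict boolean rather than returning a falsy `doc` as-is. The comment could state the contract directly: `// true only when a logged-in userId matches doc.userId`.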
