Permalink
Browse files

Only allow changing certain fields of posts.

chapter8-3
  • Loading branch information...
tmeasday committed Apr 8, 2013
1 parent b45a130 commit 2df3a7ab125ce901495c70003170aa51ef56aa9d
Showing with 7 additions and 0 deletions.
  1. +7 −0 lib/collections/posts.js
View
@@ -5,6 +5,13 @@ Posts.allow({
remove: function(userId, post) { return ownsDocument(userId, post); },
});
+Posts.deny({
+ update: function(userId, post, fieldNames) {
+ // may only edit the following two fields:
+ return (_.without(fieldNames, 'url', 'title').length > 0);
+ }
+});
+
Meteor.methods({
postInsert: function(postAttributes) {
check(this.userId, String);

0 comments on commit 2df3a7a

Please sign in to comment.