Enclose collection's allow/deny rules within schema definition #55
Comments
|
As @aldeed explains in this post on meteor-core, For instance if I define this rule: {
pseudo: {
type: String,
allow: function (val) {
return val.length > 3;
}
}
}I actually expect a pseudo to be invalid if it has 3 chars or less. But that not what this rule mean: a operation is allowed only if at least one So I'm against the It would allow us to define a function for a particular field that will check it on both |
|
I don't quite think For example, I might want a "superadmin" to be able to insert/update/remove at will, without any validation. Or I may have set a Such rules better be defined as simple So I believe, the decision to be able to use either one or both of |
|
@serkandurusoy, I don't think your Unless you were thinking this should be an entirely separate layer of allow/deny rules that are per field. I'm not sure I see the need for adding that extra level of complexity. But I do think this could generally be helpful to add to the schema. The obvious problem is interpreting how the various rules for various fields should be combined, i.e., which takes precedence in the event of a conflict. I'd need to see a pretty thorough plan or example implementation before I'd be on board. |
|
Yes you can use a The operation validation happen at the document level, so if you know all the code you can define a |
|
The confusion might be because @mquandalle and I are thinking in terms of the behind-the-scenes implementation while @serkandurusoy might be thinking more of the API/schema options. It might be possible to have allow/deny schema options BUT we would implement BOTH of these through logic defined in only a single |
|
To clarify my point/requirement further, I am suggesting that we define allow/deny rules within the schema definition for the collection as opposed to defining them outside. Other than that, it would basically be the same (not per field, per document as it is currently already intended to be) but with an addition of |
|
It might work, but I feel like there would be areas of confusion. I'll have to test it out and see how logical it is. |
|
@serkandurusoy, do you have some good examples of where schema allow/deny would be helpful? I'm having trouble thinking of good use cases, and I don't like to add a feature until there's a good use case to justify it. The way I see it, anything related to validating specific fields is part of schema validation, which is basically just one giant |
|
Since it would basically be the same as defining allow/define outside where it currently is done, I cannot suggest a good example. My point being, this would allow the code be tidier, easier to follow. Other than that, nothing special. Apart from this, I think my initial comments were misguided due to the fact that I misinterpreted how allow/deny works. I think I was also looking for something along the lines of a "superallow" where if conditions are met, it would precede any deny rules as well any schema validations. So to sum this up, if you don't find value in enclosing allow/deny rules as simple pass through in order to increase code organization, then please go ahead and close this. |
|
To me it currently looks quite ok organized to call allow/deny on the collection, after defining the schema and creating it, usually in the same collection/CollectionName.js or .coffee file. A non-standard, special way to define allow/deny in a schema (with the same collection wide effect) could potentially confuse people. |
|
I'm closing this. I think that with the current |
|
hi @aldeed ,
Can you give an example of not writing any allow / deny and putting the validation in the I'm trying to do it but I can't seem to return my own custom error: // ... schema definitions
likes: {
type: [String],
custom: function(){
if(!this.userId){
return 'needLogin';
}
}
},
// ... schema definitions
Lines.simpleSchema().messages({
needLogin: "You must login to do this"
});
Lines.simpleSchema().namedContext().addInvalidKeys([
{name: 'likes', type: 'needLogin'}
]);
|
|
@geekyme, I'd have to see more code. Your example works for me. |
|
My app is gigantic I'm not sure which parts is affecting this behavior. I did some checks like placing console.log in likes: {
type: [String],
autoValue: function(){
if(this.isInsert){
var arr = [];
return [];
}
},
custom: function(){
console.log('test')
if(!this.userId){
return 'needLogin';
}
}
},
I also have a collection allow callback on updates as follows: Lines.allow({
update: canLike,
});
canLike = function(userId, doc, fields, modifier){
if(!isLogined(userId)) return false
if(!modifier.$addToSet) return false // only use $addToSet
if(!onlyHas(fields, 'likes')) return false // only goods
if(_.contains(doc.likes, userId)) return false // unique likes
return true
}
|
|
I don't see anything obvious, but if you can create a small example app that reproduces the issue, I can take a look. |
|
Maybe submit it as a new github issue, too. |
|
@geekyme how is that relevant? I define my collections in files that are available to both client and the server while keeping the allow/deny code within the same file. Therefore, my allow/deny rules are specified everywhere like yours. I don't see any problem though. |
While designing a fairly large domain, I came to the conclusion that, incorporating collection-wide allow/deny rules within the schema definition itself could greatly improve code structuring.
Perhaps with a
thissimilar to that of autovalue's and/orval, obj, operatorlike valueisallowed's.I can't imagine how and if it should be implemented on the server, though.
The text was updated successfully, but these errors were encountered: