Databases
StackOverflow2013
Postsdbo
POGetting values from the server
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POGetting values from the server
    primarykey
    data
    text
    <p>Let's say I don't want my client to have access to a collection, but I do want my client to be able to ask certain questions about objects within that collection. How would I achieve this?</p> <p>As an example, let's say I want to know if there's currently a user logged in. When a user first logs in, I set that user's database id in <code>Session</code> and in a cookie. Currently, the application says a user is logged in if <code>!Session.equals("user_id", null)</code>, which of course is very insecure because now I can open firebug and say <code>Session.set("user_id", "foo")</code> and now I'm logged in.</p> <p>I don't want the client to have access to the Users collection at this point. The only client code that has access to this collection is enclosed in a self executing function in an effort to protect it (I'm not really sure if that's the right way to do security in Meteor, so feel free to recommend something along those lines as well). So instead I'd like to call some server side code and pass it the id that's set in session and have it tell me if that's a valid user or not.</p> <p>Here's how I'd like to see it setup:</p> <pre><code>// client function logged_in() { return SomeServerMethodThatValidatesUserId(Session.get("user_id")); } </code></pre> <p><code>Meteor.methods</code> doesn't seem to fit the bill, since <code>Meteor.call</code> performs an asynchronous callback. The pub/sub model looks a little more promising, but from the documentation, I'm not quite sure how it works.</p> <p>It seems to suggest that I should call <code>this.set</code> from within the publish handler in order to set some values on the client, but I can't figure out where those values become available.</p> <p>Or maybe the pub/sub model isn't right for this either and there's another way that I'm missing. Any advice is appreciated! </p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USSamo
    plurals
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POGetting values from the server
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POGetting values from the server
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POGetting values from the server
      1. This table or related slice is empty.
      1. VTUpMod
    1. COCheck out this answer by one of the Meteor developers: http://stackoverflow.com/questions/10115042/how-do-you-secure-the-client-side-mongodb-api/10116342#10116342 It shows how to disable the default "training wheels" that allow the client and server to execute arbitrary mongo commands. Then you can expose only what you want to the client via Meteor.methods and Meteor.publish. This will be simplified when the Meteor auth package is released.
      singulars
      1. POGetting values from the server
      1. USrmarscher
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload