Comments (11)
I think ideally there'd be a way to opt out of allow/deny and thus these methods would never be created in the first place. I've no idea of the complexity of this though -- do you have an idea @stubailo?
from guide.
I think it shouldn't be too hard! Would allow/deny be a separate package then? What's the optimal UX?
from guide.
How's this:
- There are two packages:
allow-deny
that adds the methods,Collection.prototype.insert/update/remove
on the client,Collection.prototype.allow/deny
on the server.insecure
- which depends on the above but removes allow/deny (or whatever it does right now).
- A new app comes with
insecure
turned on (shudder). - When you remove it, you have nothing, and you need to add
allow-deny
if you want it.- but maybe for a release or two we wire up
Collection.prototype.allow/deny
to print a warning that you need to add theallow-deny
package.
- but maybe for a release or two we wire up
The scary part is that packages can depend on allow-deny
. I don't know what to do about that.
from guide.
The scary part is that packages can depend on allow-deny. I don't know what to do about that.
One option could be - you have to declare that you are turning on allow/deny
when you initialize the colllection. That way, a package can't accidentally turn it on?
I wonder if there's a market for collection "mixins"? Because the road we are heading down includes lots of configuration and even inheritance for collections, for example to make a validated collection. If there are many packages on atmosphere that add various features to collections, for example validation, basic security, default fields, collection helpers, etc, how are they supposed to do that without overriding the prototype or inheriting?
from guide.
I think mixins make sense but maybe in a world where you inherit from mongo
collection, ala rails?
Anyway I suspect you'd want a way to turn allow/deny on for everything, at
least if consistency with the way current meteor works was desired. But
maybe that's not the case?
On Wed, 21 Oct 2015 at 5:24 PM, Sashko Stubailo [email protected]
wrote:
The scary part is that packages can depend on allow-deny. I don't know
what to do about that.One option could be - you have to declare that you are turning on
allow/deny when you initialize the colllection. That way, a package can't
accidentally turn it on?I wonder if there's a market for collection "mixins"? Because the road we
are heading down includes lots of configuration and even inheritance for
collections, for example to make a validated collection. If there are many
packages on atmosphere that add various features to collections, for
example validation, basic security, default fields, collection helpers,
etc, how are they supposed to do that without overriding the prototype or
inheriting?—
Reply to this email directly or view it on GitHub
#47 (comment).
from guide.
I guess the methods could be defined at the point you first call allow for
a collection too..
On Wed, 21 Oct 2015 at 9:40 PM, Tom Coleman [email protected] wrote:
I think mixins make sense but maybe in a world where you inherit from
mongo collection, ala rails?Anyway I suspect you'd want a way to turn allow/deny on for everything, at
least if consistency with the way current meteor works was desired. But
maybe that's not the case?
On Wed, 21 Oct 2015 at 5:24 PM, Sashko Stubailo [email protected]
wrote:The scary part is that packages can depend on allow-deny. I don't know
what to do about that.One option could be - you have to declare that you are turning on
allow/deny when you initialize the colllection. That way, a package
can't accidentally turn it on?I wonder if there's a market for collection "mixins"? Because the road we
are heading down includes lots of configuration and even inheritance for
collections, for example to make a validated collection. If there are many
packages on atmosphere that add various features to collections, for
example validation, basic security, default fields, collection helpers,
etc, how are they supposed to do that without overriding the prototype or
inheriting?—
Reply to this email directly or view it on GitHub
#47 (comment).
from guide.
Wow funny - there's already an issue for something similar on Meteor: meteor/meteor#5096
from guide.
That is in no way surprising ;)
from guide.
+1
from guide.
First step PR WIP: meteor/meteor#5559
from guide.
Going to close this since there is some work on Meteor, and it's not a blocker for the guide.
from guide.
Related Issues (20)
- [hexo] Cannot start local hexo server "unknown block tag: endraw"
- Link to OK Grow article for MongoDB Atlas oplog tailing no longer works HOT 2
- Add Windows getting started guide HOT 1
- Section 6 - Running on Mobile - 404 HOT 2
- Remove or improve the part about crosswalk HOT 3
- Add section about eager loading of files
- Can't use Tailwind CSS v2.0 because postcss@^8.0.9 is not supported by juliancwirko:postcss HOT 1
- Add page last updated date? HOT 1
- angular is not supported HOT 3
- Helmet Example Link is now a 404 HOT 4
- missing meteor test --drive-package information HOT 3
- Update testing section with Cypress HOT 2
- A list of meteor URLs needed to be added for a corporate proxy whitelist HOT 1
- Update Guide to explain 1.7's new lazy loading capabilities HOT 5
- Add testing with Cypress to the guide HOT 5
- Documentation error in the Meteor guide Method section. HOT 1
- Blank screen issue on android mobile with meteor version 1.7 HOT 2
- Improve Vue page HOT 1
- Action Required: Fix Renovate Configuration
- Add to TypeScript section HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from guide.