Allow and Deny in Meteor for Security

Meteor’s security system allows us to control database modification without having to define Methods every time we want to make changes.

We didn’t really need to create new Methods for updating and deleting data in database. We just needed to check if the user had permission to do these actions, and this was made easy by allow and deny callbacks. Using these callbacks lets us be more declarative about database modifications, and say what kind of updates can be used.

Multiple callbacks

We can define as many allow callbacks as required. We just need at least one of them to return true for the given change that is happening. So when (database).insert is called in a browser (no matter if it’s from our app’s client-side code or from the console), the server will in turn call whatever allowed- insert checks it can until it finds one that returns true. If it does not find any, it will not allow the insert, and will return a 403 error to the client.

Similarly, we can define one or more deny callbacks. If any of those callbacks return true, the change will be cancelled and a 403 will be returned. The logic of this means that for a successful insert, one or more allow insert callback as well as every deny insert callback will be executed.

In other words, Meteor moves down the callback list starting first with deny , then with allow , and executes every callback until one of them returns true .


Posted

in

,

by

Recent Post

  • Mastering Software Testing Strategies: Your Guide

    Implementing best software testing strategies is a crucial part of software development, ensuring that digital products meet industry standards. Defined by the International Software Testing Qualification Board, it encompasses a range of activities, both static and dynamic, throughout the software’s lifecycle. As an essential component of the Software Development Life Cycle (SDLC), the Software Testing […]

  • Your Complete Guide to Securing Your Kubernetes Cluster: Essential Tips for Beginners

    In today’s digital landscape, Kubernetes has emerged as the go-to solution for managing applications at scale. However, amidst its power lies a crucial concern: security. Ensuring the safety of your Kubernetes cluster is paramount to protecting your applications, data, and infrastructure. This comprehensive guide will walk you through essential practices and tips to help you […]

  • How to use Cloudinary in Node.js to upload images?

    It’s simple to use Cloudinary to upload images in a Nodе.js application, which can improve your app’s imagе management capabilities. Wе’ll go over how to sеt up and incorporate Cloudinary in your Nodе.js application for imagе uploads and how to use Cloudinary nodejs in this blog article. What is Cloudinary? Cloudinary is a cloud-based media […]

  • Mobile App User Experience- 10 Biggest Mistakes First-Time Founders Make 

    With the mobile app industry hitting a whopping 206 Billion in value (as per Grand View Research), it is no wonder more entrepreneurs are jumping into the mobile app market with their innovative ideas and life-changing solutions. But for those taking their first plunge, it is crucial to understand that creating an app isn’t just […]

  • Building Draggable Components in React

    As user interaction becomes more prevalent in today’s applications, sometimes it’s nice to use draggable elements in your apps. Consider website builders like Trello or Wix. They have drag-and-drop features that make it easy and convenient for users. Hello everyone! In this article, I will show some simple ways to create draggable components in React […]

  • How to Fetch Data from an API with JavaScript?

    In web development, integrating data from external sources is a common task. Application Programming Interfaces (APIs) play an important function in changing data amongst systems. In this blog, we’ll explore the way to Get information from an API with the use of JavaScript, supplying step-by-step the resource of-step commands with complete code examples of how […]