Allow and Deny in Meteor for Security

Meteor’s security system allows us to control database modification without having to define Methods every time we want to make changes.

We didn’t really need to create new Methods for updating and deleting data in database. We just needed to check if the user had permission to do these actions, and this was made easy by allow and deny callbacks. Using these callbacks lets us be more declarative about database modifications, and say what kind of updates can be used.

Multiple callbacks

We can define as many allow callbacks as required. We just need at least one of them to return true for the given change that is happening. So when (database).insert is called in a browser (no matter if it’s from our app’s client-side code or from the console), the server will in turn call whatever allowed- insert checks it can until it finds one that returns true. If it does not find any, it will not allow the insert, and will return a 403 error to the client.

Similarly, we can define one or more deny callbacks. If any of those callbacks return true, the change will be cancelled and a 403 will be returned. The logic of this means that for a successful insert, one or more allow insert callback as well as every deny insert callback will be executed.

In other words, Meteor moves down the callback list starting first with deny , then with allow , and executes every callback until one of them returns true .

Posted

in

,

by

Sonu Malik

Tags:

, ,

Recent Post

  • Building Intelligent AI Models For Enterprise Success: Insider Strategies 

    Just picture a world where machines think and learn like us. It might sound like a scene straight out of a sci-fi movie, right? Well, guess what? We are already living in that world now. Today, data, clever algorithms, and AI models are changing the way businesses operate. AI models are serving as a brilliant […]

  • Introducing Google Vids in Workspace: Your Ultimate AI-Powered Video Creation Tool

    Hey there, fellow content creators and marketing gurus! Are you tired of drowning in a sea of emails, images, and marketing copy, struggling to turn them into eye-catching video presentations? Fear not, because Google has just unveiled its latest innovation at the Cloud Next conference in Las Vegas: Google Vids- Google’s AI Video Creation tool! […]

  • Achieve High ROI With Expert Enterprise Application Development

    Nowadays modern-day enterprises encounter no. of challenges such as communication breakdown, inefficient business processes, data fragmentation, data security risks, legacy system integration with modern applications, supply chain management issues, lack of data analytics and business intelligence, inefficient customer relationship management, and many more. Ignoring such problems within an organization can adversely impact various aspects of […]

  • State Management with Currying in React.js

    Dive into React.js state management made easy with currying. Say goodbye to repetitive code and hello to streamlined development. Explore the simplicity and efficiency of currying for your React components today!

  • How Much Does It Cost to Develop an App in 2024?

    The price of bringing your app to life typically ranges from $20,000 to $200,000. This cost varies based on factors like which platform you choose, the complexity of features you want, and the size of your intended audience. However, costs can climb even higher for more complex projects, reaching up to $350,000.

  • Mastering Software Testing Strategies: Your Guide

    Implementing best software testing strategies is a crucial part of software development, ensuring that digital products meet industry standards. Defined by the International Software Testing Qualification Board, it encompasses a range of activities, both static and dynamic, throughout the software’s lifecycle. As an essential component of the Software Development Life Cycle (SDLC), the Software Testing […]