Book Image

Building Single-page Web Apps with Meteor

By : Fabian Vogelsteller
Book Image

Building Single-page Web Apps with Meteor

By: Fabian Vogelsteller

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Building Single-page Web Apps with Meteor
Fabian Vogelsteller
Jan, 2015 | 198 pages
No titles found
Table of Contents (21 chapters)
Building Single-page Web Apps with Meteor
Building Single-page Web Apps with Meteor
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Meteor
Getting Started with Meteor
The full-stack framework of Meteor
Meteor's requirements
Installing Meteor
Creating our first app
Adding basic packages
Variable scopes
Meteor's folder conventions and loading order
Meteor's command-line tool
Summary
2
Building HTML Templates
Building HTML Templates
Writing templates in Meteor
Building the basic templates
Adding templates and partials
Displaying data with template helpers
Setting the data context for a template
"this" in template helpers and template callbacks
Adding events
Block helpers
Listing posts
Spacebars syntax
Summary
3
Storing Data and Handling Collections
Storing Data and Handling Collections
Meteor and databases
Setting up a collection
Adding post examples
Querying a collection
Updating a collection
Database everywhere
Differences between client and server collections
Summary
4
Controlling the Data Flow
Controlling the Data Flow
Syncing data – the current Web versus the new Web
Removing the autopublish package
Publishing data
Publishing only parts of data
Publishing specific fields
Lazy loading posts
Switching subscriptions
Some notes on data publishing
Summary
5
Making Our App Versatile with Routing
Making Our App Versatile with Routing
Adding the iron:router package
Setting up the router
Switching to a layout template
Adding another route
Moving the posts subscription to the Home route
Setting up the post route
Changing the website's title
Summary
6
Keeping States with Sessions
Keeping States with Sessions
Meteor's session object
Using sessions in template helpers
Rerunning functions reactively
Using autorun in a template
The reactive session object
Summary
7
Users and Permissions
Users and Permissions
Meteor's accounts packages
Adding the accounts packages
Adding admin functionality to our templates
Creating the template to edit posts
Creating the admin user
Creating routes for the admin
Summary
8
Security with the Allow and Deny Rules
Security with the Allow and Deny Rules
Adding a function to generate slugs
Creating a new post
Editing posts
Restricting database updates
Adding a deny rule
Adding posts using a method call
Calling the method
Summary
9
Advanced Reactivity
Advanced Reactivity
Reactive programming
Building a simple reactive object
Creating an advanced timer object
Reactive computations
Summary
10
Deploying Our App
Deploying Our App
Deploying on meteor.com
Deploying on other servers
Outlook
Summary
11
Building Our Own Package
Building Our Own Package
The structure of a package
Creating our own package
Releasing our package to the public
Summary
12
Testing in Meteor
Testing in Meteor
Types of tests
Testing packages
Testing our meteor app
Acceptance tests
Summary
Appendix
Appendix
List of Meteor's command-line tool commands
The iron:router hooks
Index
Index

Restricting database updates

Until now, we simply added the insert and update functionality to our editPost template. However, anybody can insert and update data if they just type an insert statement into their browser's console.

To prevent this, we need to properly check for insertion and update rights on the server side before updating the database.

Meteor's collections come with the allow and deny functions, which will be run before every insertion or update to determine whether the action is allowed or not.

The allow rules let us allow certain documents or fields to be updated, whereas the deny rules overwrite any allow rules and definitely deny any action on its collection.

To make this more visible, let's visualize an example where we define two allow rules; one will allow certain documents' title fields to be changed and another will allow only editing of the description fields, but an additional deny rule can prevent one specific document to be edited in any case.

Removing the insecure...

Previous Section
End of Section 5
Next Section