Closed francisbyrne closed 10 years ago
That makes perfect sense, what if I make the query Param on the sever able to be a function that is executed from the this context of the publication?
Should be pretty straightforward, I'll play around with it in a minute. — Austin Rivas
On Sun, May 25, 2014 at 11:58 AM, Francis Byrne notifications@github.com wrote:
@austinrivas It seems that the change you've made to allow limiting the publication data won't work for my use-case, or any use-case involving restricting the dataset to a particular user. In my example,
this.userId
is not available when I initialise on the server:PortfolioTable = new DataTableComponent({ subscription: 'holdings', collection: Holdings, query: {'userId': this.userId} // this.userId == null }); PortfolioTable.publish();
I'm guessing this is because it only calls the query once when the server starts up (when it doesn't know any client details), instead of calling the query each time a new subscription is made, as other publish functions do.
Given this is the case, it seems like the usage of this feature is be pretty limited, security-wise. Or perhaps I have just called it incorrectly?
Reply to this email directly or view it on GitHub: https://github.com/LumaPictures/meteor-jquery-datatables/issues/29
@austinrivas Yeah I think that'd be perfect, let me know when it's done and I'll retest.
ok @francisbyrne should be working now.
Usage looks like this
if Meteor.isServer
RowsTable = new DataTableComponent
subscription: "rows"
collection: Rows
# ##### Only return rows this user owns
query: ( component ) ->
component.log "userId", Meteor.userId
return { owner: Meteor.userId }
debug: "userId"
RowsTable.publish()
@austinrivas Cool, that works. However, I think it should be this.userId
not Meteor.userId
as it is called in a publish function, right? At least, that's what worked for me, Meteor.userId
threw an exception.
You should be able to, the this
context in your query method should be the exact same as in a publication.
@austinrivas Yep, what I meant was: this.userId
works, but Meteor.userId
doesn't work (at least it didn't work for me). I just thought I should mention it in case you use your above example in the docs.
Just to be clear, isn't that the expected behavior inside a meteor publication?
Yep, it is the expected behaviour. I was just saying I was thrown off by your example, which uses Meteor.userId
. Not a big deal, just thought I'd mention in case you use that usage example in your docs.
Ah I see, good catch. Feel free to update it and submit a pull request if you have the time
@austinrivas It seems that the change you've made to allow limiting the publication data won't work for my use-case, or any use-case involving restricting the dataset to a particular user.
In my example,
this.userId
is not available when I initialise on the server:I'm guessing this is because it only calls the query once when the server starts up (when it doesn't know any client details), instead of calling the query each time a new subscription is made, as other publish functions do.
Given this is the case, it seems like the usage of this feature is be pretty limited, security-wise. Or perhaps I have just called it incorrectly?