Closed nickredmark closed 9 years ago
File collections implement allow/deny rules differently from regular collections. They have ''insert' and 'remove' rules, but no 'update' rules (clients are always prohibited from updating directly to prevent possible invalid gridFS documents.) They also have 'write' and 'read' rules to control access to the file data itself.
From the meteor-security documentation, it appears that they've done some work to make it compatible with CollectionFS and its 'download' rule (similar to the file-collection 'read' rule). But that required extra work in meteor-security.
File-collection is significantly different from CollectionFS in that a FileCollection is a proper MongoDB gridFS collection, whereas a CollectionFS collection is just a regular MongoDB collection that sits between the app and a pluggable file store (which may be implemented as a gridFS store). The difference in these approaches may make it quite a bit of work to make meteor-security compatible with file-collection. I'm speculating, but that seems likely.
Makes sense, thank you
For security I use the ongoworks:security package: https://github.com/ongoworks/meteor-security
For some reason the pattern breaks with file collections:
generates the error