是否可以使用模式本身指定字段不可更新,而不是在允许/拒绝规则中定义它?
我很想知道因为我使用quickform来允许用户根据用户文档(帐户包)编辑他们的用户详细信息,我想阻止他们更改其电子邮件地址的验证状态。
基于用户角色的规则非常适合仅允许管理员和流星本身更改此字段的状态。
我希望有这样的事情:
emails: {
type: Array,
optional: true
},
"emails.$": {
type: Object
},
"emails.$.address": {
type: String,
regEx: SimpleSchema.RegEx.Email
},
"emails.$.verified": {
type: Boolean
allowRoles: ['admin','system'] // this does not exist
},
问候,克里斯
答案 0 :(得分:2)
You have a few different options.
To prevent anyone from updating a field, you can set the denyUpdate field in the flag definition (requires aldeed:collection2)
"emails.$.verified": {
type: Boolean
denyUpdate: true
},
To allow it to be updated by admin's only, you could try a custom validator that checks the userId to see if it is an admin (example requires aldeed:collection2 and alanning:roles)
"emails.$.verified": {
type: Boolean
custom: function() {
if ( this.isSet && this.isUpdate && !Roles.userIsInRole(this.userId, "admin") ) {
return "unauthorized";
}
}
},
You'd probably also want to define a message for the "unauthorized" validation error.
SimpleSchema.messages({
"unauthorized" : "You do not have permission to update this field"
})
This will display an error to the user if they try to change the field.
Alternately, you could simply unset the value provided by non-admin users and allow the rest of the update to go ahead.
"emails.$.verified": {
type: Boolean
autoValue: function() {
if ( !Roles.userIsInRole(this.userId, "admin") ) {
this.unset();
}
}
},