I’ve been working off of the example set forth by the new Todos app, using ValidatedMethods and SimpleSchema. However, there are times that I want to use server-only methods, methods that can’t be called from the client (whereas Meteor Methods would run simultaneously on the server and client). In my methods file, I’ve been defining them thusly:
export const updatePostRank = (postId, amount) => {
const updatePostRankSchema = new SimpleSchema({
postId: {
type: String,
regEx: SimpleSchema.RegEx.Id,
},
amount: {
type: Number,
},
});
check({
postId: postId,
amount: amount,
}, updatePostRankSchema);
if (Meteor.isServer) {
Posts.update(postId,
{
$inc: {rank: amount}
}
);
}
};
Then, from inside one of my ValidatedMethods, I could call updatePostRank('the_doc_id', 5);, and it works like a charm. But I’m not totally solid on this function’s security (or elegance, for that matter). Is there any way that the updatePostRank() could be called from the client, even if I don’t import it into a client’s template file? Is the if (Meteor.isServer) check necessary, if the first question is not the case? I’d tried implementing Meteor Chef’s implementation, but I got some wonky results from this.isConnection.
Just hoping for a sanity check here, and if my code looks good then hopefully others might find it’s a useful pattern. Thanks!