Am I doing server-only methods right?

I’ve been working off of the example set forth by the new Todos app, using ValidatedMethods and SimpleSchema. However, there are times that I want to use server-only methods, methods that can’t be called from the client (whereas Meteor Methods would run simultaneously on the server and client). In my methods file, I’ve been defining them thusly:

export const updatePostRank = (postId, amount) => {
    const updatePostRankSchema = new SimpleSchema({
        postId: {
            type: String,
            regEx: SimpleSchema.RegEx.Id,
        },
        amount: {
            type: Number,
        },
    });
    check({
        postId: postId,
        amount: amount,
    }, updatePostRankSchema);

    if (Meteor.isServer) {
        Posts.update(postId,
            {
                $inc: {rank: amount}
            }
        );
    }
};

Then, from inside one of my ValidatedMethods, I could call updatePostRank('the_doc_id', 5);, and it works like a charm. But I’m not totally solid on this function’s security (or elegance, for that matter). Is there any way that the updatePostRank() could be called from the client, even if I don’t import it into a client’s template file? Is the if (Meteor.isServer) check necessary, if the first question is not the case? I’d tried implementing Meteor Chef’s implementation, but I got some wonky results from this.isConnection.

Just hoping for a sanity check here, and if my code looks good then hopefully others might find it’s a useful pattern. Thanks!

Near the bottom of

I would override the run property of the validated method from a server/ file. There’s no need for Meteor.isServer and no repetition of code.