Collection.allow() security


#1

I am using rubaxa:sortable to reorder a list of media items.
It needs an “allow” function of the sorted collection, “Media” in this case.

Media.allow({ 
  update: function (userId, task) { return true; } 
});

How can I limit Media.allow to only change “order” fields for the logged in user?