In Meteor tutorial I saw that I have to do “Security with methods”. Do I have to do that when I have done PuSu (as I think you call it), per userId from the server? Is there a more convenient way of doing it as I have several Collections?
I have a hard time wrapping my head around this issue but is publishing projects as this by userId not safe?
Meteor.publish('projects', function(){
return Projects.find({userId:this.userId});
});
Can anyone run this in the console on the server to remove all projects for all users?
Projects.find({}).forEach(function (doc) {
Projects.remove({_id: doc._id});
});
If so, what’s the difference with this https://www.discovermeteor.com/blog/meteor-and-security/ ?