So I’ve just stumbled upon a “problem” with my pub/sub model. And I’m wondering what is the best strategy to work around it.
Example: Right now my `orders` publication takes in the following params: `order, statuses, history`. Obviously the first param lets me subscribe just to a single order or, when passed an `Array`, to multiple orders; the others are not important right now.
But as the app grows I kinda need more granular control over the publication. Is it better to write specific publications, where I specifically determine what gets published, or stay more generic?
Specific:

```js
Meteor.publish('manager.orders.table', function () {
  return orders.find(someSpecificQuery, someSpecificOptions);
});
```

Generic:

```js
Meteor.publish('orders', function (query, options) {
  // perform validations - checks
  // perform query validations?
  return orders.find(query, options);
});
```
Also, what concerns me: do I need to perform query validations? Like, see if there are some “unsafe” operators (NoSQL injection)? If so, which ones are considered dangerous? I do know that this way users could get all my orders, but that could be worked around with user roles.
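One way to do the query validation asked about above, as an added example that is not part of the original post: build the selector from an allowlist instead of filtering out "bad" operators, and let the server set the ownership field. The field names (`status`, `createdAt`, `ownerId`), the limit and the helper names are assumptions; inside the generic publication the result would be passed to `orders.find(selector, options)` with `this.userId` as the first argument.

```javascript
// Added example: allowlist validation of a client-supplied selector and options.
// Field names, MAX_LIMIT and the ownerId field are assumptions, not from the post.
const ALLOWED_FIELDS = { _id: 'string', status: 'string' };
const ALLOWED_SORT = ['createdAt', 'status'];
const MAX_LIMIT = 100;

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && Object.getPrototypeOf(v) === Object.prototype;
}

// Accept a scalar of the expected type, or { $in: [scalars] }; nothing else.
function safeValue(value, type) {
  if (typeof value === type) return value;
  if (isPlainObject(value) && Object.keys(value).length === 1 && Array.isArray(value.$in) &&
      value.$in.length > 0 && value.$in.every((v) => typeof v === type)) {
    return { $in: value.$in.slice() };
  }
  throw new Error('invalid-selector-value');
}

function buildOrdersCursorArgs(userId, query = {}, options = {}) {
  if (typeof userId !== 'string' || !userId) throw new Error('not-authorized');
  if (!isPlainObject(query) || !isPlainObject(options)) throw new Error('invalid-arguments');

  const selector = {};
  for (const [key, value] of Object.entries(query)) {
    // Rejects top-level operators ($where, $or, ...) and unknown or dotted field names.
    if (!Object.prototype.hasOwnProperty.call(ALLOWED_FIELDS, key)) throw new Error('invalid-selector-key');
    selector[key] = safeValue(value, ALLOWED_FIELDS[key]);
  }
  // Ownership is set by the server last, so the client cannot widen or override it.
  selector.ownerId = userId;

  // The projection is fixed server-side; a client-supplied options.fields is ignored.
  const safeOptions = { limit: MAX_LIMIT, fields: { _id: 1, status: 1, createdAt: 1 } };
  if (options.limit !== undefined) {
    if (!Number.isInteger(options.limit) || options.limit < 1) throw new Error('invalid-limit');
    safeOptions.limit = Math.min(options.limit, MAX_LIMIT);
  }
  if (options.sort !== undefined) {
    const entries = isPlainObject(options.sort) ? Object.entries(options.sort) : [];
    if (entries.length !== 1 || !ALLOWED_SORT.includes(entries[0][0]) || ![1, -1].includes(entries[0][1])) {
      throw new Error('invalid-sort');
    }
    safeOptions.sort = { [entries[0][0]]: entries[0][1] };
  }
  return { selector, options: safeOptions };
}
```

Because every key and value shape is checked against the allowlist, any operator not explicitly permitted is rejected without having to enumerate the dangerous ones.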