How to use rubaxa:sortable after removing insecure? (SOLVED)

warehouseman · February 27, 2015, 12:03am

Hello,

I have carefully picked apart RubaXa’s Sortable example in order to understand the minimum bits and pieces required for using it in my own project, but I have hit a snag: if I do …

meteor remove insecure

… the demo stops working properly. Attempts to modify the list with drag’n drop cause errors like …

insert failed : Access denied

I do not see any dependency on a user being logged in, but even if I do create a user and log in I get “Access denied” in any case.

When I look in the files ./.meteor/local/build/programs/server/packages/rubaxa-sortable.js & ./.meteor/local/build/programs/server/packages/rubaxa-sortable.js , I see that methods are defined on the server side and called from the client – so why is access denied?

I made a separate GitHub repo in order to simplify trying out suggested solutions. It is here : martinhbramwell/rubaxa-meteor-sortable

I would appreciate any suggested ways to get past this obstacle.

I would really appreciate a pull request with the right solution.

Thanks
Martin

Siyfion · February 27, 2015, 9:43am

Weird, I’m using Sortable in my application currently, and while I do have some issues (below) it does generally work fine. Can you create a MeteorPad with an example?

warehouseman · February 27, 2015, 11:22am

As I mentioned, I made an example in GitHub.

Maybe I’m pathetic but I have been utterly unable to use MeteorPad. I see no buttons to save my file changes, so all I ever see is the Leader-board example, unchanged, no matter what I do. I have tried in both Firefox and Chrome, under Ubuntu 14.04, but there is no difference. Is there some sort of secret “Easter Egg” button bar somewhere?

If someone would be willing to give my GitHub repository a try, or explain how to save changes to files in MeteorPad, I’ll be immensely grateful.

warehouseman · February 27, 2015, 11:27am

Ok, I just saw issue 9 here

https : // github.com/rissem/meteorpad/issues/9

Siyfion · February 27, 2015, 11:29am

You should still have the Ctrl + S save shortcut.

warehouseman · February 27, 2015, 11:33am

You’re right !

Usually <ctrl-s> saves the page to the local drive, so I did not think to try it.

Thank you very very much.

warehouseman · February 27, 2015, 12:34pm

Ok, here is my Meteorpad Sortable Meteor Example.

I’ll be so pleased to have my mistake pointed out to me.

Thanks in advance.
Martin

Siyfion · February 27, 2015, 12:41pm

Am I missing something or do you not have any allow / deny rules set? http://docs.meteor.com/#/full/allow

The documentation quite clearly states for Sortable that:

Meteor Mongo collections are updated when items are added, removed or reordered, and the order is persisted.

Well, then you need to allow the client to do that, otherwise it will be, by default, denied. (Unless insecure is installed)

Perhaps have a read of: https://www.discovermeteor.com/blog/meteor-and-security/

Allow and Deny are two server-side callbacks that execute for any insert, update, or remove database operations.

The operation is only permitted to go through if either:

At least one allow callback returns true.

No deny callback returns true.

This means that if you haven’t written any allow callbacks yet, no database operation will be permitted to go through from the client (assuming of course you’ve already removed the insecure package).

warehouseman · February 27, 2015, 2:06pm

You got it Simon!

If any one needs it, that MeteorPad can stay there as a simple working example of RubaXa Sortable.

Thanks very much!

Siyfion · February 27, 2015, 2:45pm

No problem, glad I could help.