Apologies if there is a concrete answer I missed, but could not find it.
I am confused about the security differences between using Meteor Methods (strictly server side) and Collection Helpers (available on client + server), specifically with dburles:collection-helpers
Let’s say I have a Collection Helper like below, and I have also implemented deny rules for all Tasks, all in a “tasks.js” file, where the Schema is defined.
Tasks.helpers ({
saveTask: function(taskId, taskText){
//save task to DB
}
));
Tasks.deny({
insert() { return true; },
update() { return true; },
remove() { return true; }
});
-
Will the client automatically be able to write that task to the app’s DB?
-
Or will it write to the local client side minimongo, and then run the server side version (like a method stub vs Meteor.method)?
-
What about User Permissions, and Validation? Am I correct to assume any validation has to be custom inside the helper – there is nothing like validate() functions for such helpers?