In this course, you will develop more advanced web application programming skills. You will learn how to control data read and write access using methods, publish and subscribe. You will learn how to access your database and server shells using command line tools. You will use the SimpleSchema system to validate data and generate input forms automatically. You will see a complete collaborative code editing environment, TextCircle, being built from scratch. At the end of this course, you will be able to: - use Meteor methods to control data write access - use publish and subscribe to control data read access - install and use advanced Meteor packages - add user accounts to your applications - implement complex MongoDB filters - use the MongoDB and meteor server shells - define data validations schemas using SimpleSchema - generate data input forms automatically using SimpleSchema In this course, you will complete: 2 programming assignments taking ~4 hours each to complete 4 quizzes, each taking ~20 minutes to complete multiple practice quizzes, each taking ~5 minutes to complete Participation in or completion of this online course will not confer academic credit for University of London programmes
Controlling document access
Loading...
來自 University of London 的課程
使用 Javascript 和 MongoDB 开发 Web 应用
498 個評分
從本節課中
Publish and subscribe model and MongoDB filters
Welcome to the third module of 'Web Application Development with JavaScript and MongoDB!' In this module we will use bootstrap icons and use the publish and subscribe model to control data read access. We will understand the concept of asynchronous execution and work with template data contexts and helper functions. Finally we will use packages to implement in-place content editing and use complex MongoDB filters. Enjoy!
與講師見面
Dr Matthew Yee-KingLecturer
Computing Department, Goldsmiths, University of London
[MUSIC]
Right, so now we can access whichever documents we want.
And we can change the titles if we're the owner.
And we can create new documents.
But the next step is to add a bit of extra security for the user so
they can select whether a document is private or public.
And if it's private, it's gonna appear only in their list of documents.
And if it's public, it is in everyone's list.
So the way we're gonna do is by adding a simple check box to the user interface,
which says, allows them to check whether it's public or private,
and we'll use a bootstrap component to do that.
First of all, I'm on the bootstrap CSS page here,
which has all the simplest types of constructs that you can use in bootstrap.
there's the forms on the right hand side there.
It gives me this check box.
That's the thing I'm interested in.
So where's the code right there.
I grab that code and I'm gonna put this check box into the template code,
into doc meta.
There's my doc meta template being embedded there.
I roll down and there's the, let's make
it a bit more compact, there's my, there it is.
There's my doc meta template and
what I want to do is inside this same data context,
I'm gonna drop in a check box,
which basically says private.
Okay, and let's just see how that looks in the interface.
That gives me a little private check box under there which is great.
And then I need to connect an event listener to it.
I need to put a special class on the check box and
then figure out how I can deal with the event back in the JavaScript so
first of all, add the special class, and it goes here.
Class equals js tog private
as in toggling that field there.
And then I go back into my js and I'm gonna write
a new event listener on the doc meta template.
So template dot doc meta dot events.
After you've done a bit of this you get reasonably fluent
with sort of writing all this stuff.
Especially if you use a nice text editor like this one.
And the event is a click on js toggle, don't forget the full stop,
and its function which receives an event, and
first of all let's just do console log.
Now I happen to know that you can get the state
of the check box by calling event dot target dot checked.
So event dot target gives me access to the thing that actually they clipped on or
whatever is related to the event.
The web page, so in this case that's the check box and check is a property that
check boxes have which is either true or false depending what state they're in.
Let's just see if we see the correct state of the check box there.
I click on it it's now checked and I'm, true is being printed out.
Click on it again it's now false.
False is being printed out.
My next step is to take that information and
use it to update the documents to set a private flag on it to true or false.
And so I do that by calling a method.
Now, remember that we're no longer just doing inserts and
updates wherever we, once in our code.
We have to do it through a method.
And that's more secure.
I'm gonna say meteor.
Well first of all I wanna know what my document ID is.
And so I'll create a little, I'm gonna create a little object,
which I'm gonna send to the method, which tells it what I wanna do.
And the object is gonna look like this.
Var doc equals and, and the document ID, so
I'm going to set an ID on the document to, the session, get doc ID,
so that's always going to be the current document that's being edited so
I can only toggle private, public on the current document.
Even though I could access the real document that's imbedded in the template
or whatever.
I'm gonna force it to be the currently edited document.
And I'm gonna set a private field to,
well let's call it is private.
To the value of the form there.
So as we saw earlier true or false.
Right?
I'm going to create this document thing,
and then I call meteor method, and
the method's going to be called update doc.
Privacy and I'm going to post it in my doc there.
Then I need to write this method.
I'm just going to jump down to the bottom of the code there, more or
less where I'm writing my method.
There's one of the methods, and the method is called
update doc privacy, and so I'll put it in here.
Update doc privacy function as usual.
And.
I'm gonna let it receive a doc.
And it's gonna,
let's just logout the doc to make sure we're getting it okay into the method.
And it's always good to check the data that's coming into your
functions before you kind of think, oh, that's all gone horribly wrong.
It's always good to check what you're working with.
So I'll say that I'm in the method, and I've got that.
Okay, syntax error.
What have I done wrong?
I've forgotten the comma.
Okay, meteor method is not a function.
That's right.
So, I go back here.
Because I don't call a method by calling meteor method,
I call it by saying meteor call, fair enough.
Back in, reload.
Let's toggle it.
Okay, update privacy method, and I'm receiving that object which I created.
That's good, so the method is receiving the correct data.
The final step is to actually do the update on the database.
And I would go back into the method, and say.
What I can do is, I can pull out the document I want to update, and
then set that private field to what it should be.
So I can do it like this.
Var real doc equals documents find
one where the ID equals doc dot ID, okay.
And if I've got a real doc,
then real doc dot is private
is going to be set to doc dot is.
Private and then I do documents dot update.
Same filter.
And pass it real doc.
Okay so this means that I sort of pass a really simple bit of data from
the client's side into the method.
And the method does the work of kind of checking that yeah, this document exists.
Then it could also check if you're the owner, that kind of thing, so
that other people can't toggle it.
That's probably a good thing we should put in here.
We could in fact find one and say,
owner Is this dot user ID, there we go.
Now, it has to have the ID of the document listed and
it has to be owned by the current user so that's more secure.
And then if we get a document, then go ahead update the private field and
then store it back into the database.
And so, we'll just run this if we've got any problems, okay.
No errors.
And if I go into the database with our old friend meteor mongo.
Oops.
Let's go into there.
Meteor Mongo.
Here it is.
And I do that.
Okay.
So I've just, all I've done is, I've called db documents find.
I'm printing out all of the documents that's coming back.
You see private is set to true.
Let's just check if that talleys with what I can see in interface.
Currently private is indeed set to true.
If I set it to false.
Then it should now be false.
Right. That's correct and
nothing else has changed cause I haven't allowed it to update any of the other
fields.
It's kind of limiting what that method can do.
It can only change the private field and only if they own it.
Okay. So that's cool and
the next step is to control which list of documents
you can see based on whether they're public or private.
And we'll do that in the next lesson.
[MUSIC]
