[MUSIC] Right, so now we can access whichever documents we want. And we can change the titles if we're the owner. And we can create new documents. But the next step is to add a bit of extra security for the user so they can select whether a document is private or public. And if it's private, it's gonna appear only in their list of documents. And if it's public, it is in everyone's list. So the way we're gonna do is by adding a simple check box to the user interface, which says, allows them to check whether it's public or private, and we'll use a bootstrap component to do that. First of all, I'm on the bootstrap CSS page here, which has all the simplest types of constructs that you can use in bootstrap. there's the forms on the right hand side there. It gives me this check box. That's the thing I'm interested in. So where's the code right there. I grab that code and I'm gonna put this check box into the template code, into doc meta. There's my doc meta template being embedded there. I roll down and there's the, let's make it a bit more compact, there's my, there it is. There's my doc meta template and what I want to do is inside this same data context, I'm gonna drop in a check box, which basically says private. Okay, and let's just see how that looks in the interface. That gives me a little private check box under there which is great. And then I need to connect an event listener to it. I need to put a special class on the check box and then figure out how I can deal with the event back in the JavaScript so first of all, add the special class, and it goes here. Class equals js tog private as in toggling that field there. And then I go back into my js and I'm gonna write a new event listener on the doc meta template. So template dot doc meta dot events. After you've done a bit of this you get reasonably fluent with sort of writing all this stuff. Especially if you use a nice text editor like this one. And the event is a click on js toggle, don't forget the full stop, and its function which receives an event, and first of all let's just do console log. Now I happen to know that you can get the state of the check box by calling event dot target dot checked. So event dot target gives me access to the thing that actually they clipped on or whatever is related to the event. The web page, so in this case that's the check box and check is a property that check boxes have which is either true or false depending what state they're in. Let's just see if we see the correct state of the check box there. I click on it it's now checked and I'm, true is being printed out. Click on it again it's now false. False is being printed out. My next step is to take that information and use it to update the documents to set a private flag on it to true or false. And so I do that by calling a method. Now, remember that we're no longer just doing inserts and updates wherever we, once in our code. We have to do it through a method. And that's more secure. I'm gonna say meteor. Well first of all I wanna know what my document ID is. And so I'll create a little, I'm gonna create a little object, which I'm gonna send to the method, which tells it what I wanna do. And the object is gonna look like this. Var doc equals and, and the document ID, so I'm going to set an ID on the document to, the session, get doc ID, so that's always going to be the current document that's being edited so I can only toggle private, public on the current document. Even though I could access the real document that's imbedded in the template or whatever. I'm gonna force it to be the currently edited document. And I'm gonna set a private field to, well let's call it is private. To the value of the form there. So as we saw earlier true or false. Right? I'm going to create this document thing, and then I call meteor method, and the method's going to be called update doc. Privacy and I'm going to post it in my doc there. Then I need to write this method. I'm just going to jump down to the bottom of the code there, more or less where I'm writing my method. There's one of the methods, and the method is called update doc privacy, and so I'll put it in here. Update doc privacy function as usual. And. I'm gonna let it receive a doc. And it's gonna, let's just logout the doc to make sure we're getting it okay into the method. And it's always good to check the data that's coming into your functions before you kind of think, oh, that's all gone horribly wrong. It's always good to check what you're working with. So I'll say that I'm in the method, and I've got that. Okay, syntax error. What have I done wrong? I've forgotten the comma. Okay, meteor method is not a function. That's right. So, I go back here. Because I don't call a method by calling meteor method, I call it by saying meteor call, fair enough. Back in, reload. Let's toggle it. Okay, update privacy method, and I'm receiving that object which I created. That's good, so the method is receiving the correct data. The final step is to actually do the update on the database. And I would go back into the method, and say. What I can do is, I can pull out the document I want to update, and then set that private field to what it should be. So I can do it like this. Var real doc equals documents find one where the ID equals doc dot ID, okay. And if I've got a real doc, then real doc dot is private is going to be set to doc dot is. Private and then I do documents dot update. Same filter. And pass it real doc. Okay so this means that I sort of pass a really simple bit of data from the client's side into the method. And the method does the work of kind of checking that yeah, this document exists. Then it could also check if you're the owner, that kind of thing, so that other people can't toggle it. That's probably a good thing we should put in here. We could in fact find one and say, owner Is this dot user ID, there we go. Now, it has to have the ID of the document listed and it has to be owned by the current user so that's more secure. And then if we get a document, then go ahead update the private field and then store it back into the database. And so, we'll just run this if we've got any problems, okay. No errors. And if I go into the database with our old friend meteor mongo. Oops. Let's go into there. Meteor Mongo. Here it is. And I do that. Okay. So I've just, all I've done is, I've called db documents find. I'm printing out all of the documents that's coming back. You see private is set to true. Let's just check if that talleys with what I can see in interface. Currently private is indeed set to true. If I set it to false. Then it should now be false. Right. That's correct and nothing else has changed cause I haven't allowed it to update any of the other fields. It's kind of limiting what that method can do. It can only change the private field and only if they own it. Okay. So that's cool and the next step is to control which list of documents you can see based on whether they're public or private. And we'll do that in the next lesson. [MUSIC]