I have an insert form which is created using autoform, collection2 and simple schema. The createdBy field is populated with the userId using autovalue. The form worked when using meteor.allow() for the insert, but I wanted to replace the allow with a method so that I can do some validating of user roles, i.e. make sure the user has admin rights. But now I get an error that the createdBy field is empty.

The error in dev tools is:

    error: 400, reason: "Created by is required", details: undefined, message: "Created by is required [400]", errorType: "Meteor.Error"}

    Courses = new Mongo.Collection('Courses');

    courseSchema = new SimpleSchema({
      title: {
        type: String,
        label: "Course Title"
      },
      description: {
        type: String,
        label: "Description"
      },
      createdAt: {
        type: Date,
        autoValue: function () {
          return new Date();
        },
        autoform: {
          type: 'hidden'
        }
      },
      startDate: {
        type: String,
        label: "Start Date"
      },
      sessions: {
        type: String,
        label: "No. of sessions"
      },
      duration: {
        type: String,
        label: "Duration of the course"
      },
      price: {
        type: String,
        label: "Course Price"
      },
      createdBy: {
        type: String,
        autoValue: function () {
          return this.userId;
        },
        autoform: {
          type: 'hidden'
        }
      }
    });

    Courses.attachSchema(courseSchema);

The method (which is available on the client and the server):

    Meteor.methods({
      addCourse: function (course) {
        Courses.insert(course);
      }
    });

And the template where the form is generated:

    <template name="adminIndex">
      <h1>Available Courses</h1>
      {{> courseList }}
      <button type="button" class="btn btn-success btn-block">Create New Course</button>
      <h3>Create New Course</h3>
      {{>quickForm id="InsertCourseForm" collection="Courses" type="method" meteormethod="addCourse"}}
    </template>

You need to clean the object by calling Courses.simpleSchema().clean(course); in the server method in order to add auto and default values securely. Also, please note that this.userId in your autoValue function is null for server-initiated actions, so you probably want to replace it with Meteor.userId().

In addition, you must perform your own validation by calling check(value, pattern) in the Meteor method, because client side validation can be bypassed.

For example:

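    if (Meteor.isServer) {
      Meteor.methods({
        addCourse: function (course) {
          // Drop keys that are not in the schema and fill in autoValue/default fields.
          Courses.simpleSchema().clean(course);
          // Validate the cleaned object on the server; check() throws on a mismatch.
          check(course, Courses.simpleSchema());
          Courses.insert(course);
        }
      });
    }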
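
The server-side rule discussed above (the method, not the form, decides who created the document and whether the caller may insert) can be shown in plain JavaScript. This is an added example, not code from the question or the answer: `fields`, `admins`, `stored`, `MethodError` and `callAs` are hypothetical stand-ins for the schema keys, a roles lookup, `Courses.insert()`, `Meteor.Error` and a method invocation, so the sketch runs in Node without Meteor.

```javascript
// Stand-ins (assumptions) so the sketch runs without Meteor:
// `fields` mirrors the user-editable keys of courseSchema, `admins` replaces a
// real roles lookup, and `stored` replaces Courses.insert().
const fields = ['title', 'description', 'startDate', 'sessions', 'duration', 'price'];
const admins = new Set(['admin-1']);    // constructed user id
const stored = [];

class MethodError extends Error {       // plays the part of Meteor.Error
  constructor(code, reason) {
    super(`${reason} [${code}]`);
    this.error = code;
  }
}

// Method body: the caller's identity comes from the invocation context
// (this.userId, set by the server from the login session), never from `course`.
function addCourse(course) {
  if (!this.userId) throw new MethodError(401, 'Login required');
  if (!admins.has(this.userId)) throw new MethodError(403, 'Admin rights required');
  if (course === null || typeof course !== 'object' || Array.isArray(course)) {
    throw new MethodError(400, 'Course must be an object');
  }

  const doc = {};
  for (const key of fields) {           // whitelist: unknown keys are dropped
    const value = course[key];
    if (typeof value !== 'string' || value.trim() === '') {
      throw new MethodError(400, `${key} is required`);
    }
    doc[key] = value.trim();
  }
  // Server-owned fields: anything the client sent under these names is ignored.
  doc.createdBy = this.userId;
  doc.createdAt = new Date();

  stored.push(doc);
  return doc;
}

// Simulates the server invoking the method on behalf of a logged-in session.
function callAs(userId, course) {
  return addCourse.call({ userId }, course);
}
```
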