I am using collectionFS for file upload, my code is bellow. Logged user can insert image to images collection, also I can see that file is uploaded on server. Image links and download button is displaying before remove insecure package able to see images and download. After removed insecure package from project. Images are not displaying also download is not working(can retrieve image name and url), receiving access denied 403 error. What I really wanted is that signed user can insert files to server and everyone can see images, also able to download files.I wrote allow rules and also publish and subscribe. What is the problem here?
js file
if (Meteor.isClient) {
Template.myForm.events({
'change .myFileInput': function(event, template) {
FS.Utility.eachFile(event, function(file) {
var fsFile = new FS.File(event.target.files[0]);
fsFile.owner = Meteor.userId();
Images.insert(file, function (err, fileObj) {
//If !err, we have inserted new doc with ID fileObj._id, and
//kicked off the data upload using HTTP
});
});
}
});
Template.imageView.helpers({
images: function () {
return Images.find(); // Where Images is an FS.Collection instance
}
});
Meteor.subscribe('images');
}
if (Meteor.isServer) {
Meteor.startup(function () {
// code to run on server at startup
});
Meteor.publish('images', function(){
return Images.find();
});
}
Images = new FS.Collection("images", {
stores: [new FS.Store.FileSystem("images", {path: "~/uploaded"})],
});
Images.allow({
insert: function(userId, doc){
return !!userId;
},
update: function(userId, doc){
return !!userId;
},
remove: function(userId, doc){
return false;
}
});
html file
<head>
<title>uploader</title>
</head>
<body>
{{> loginButtons}}
{{> imageView}}
{{>myForm}}
</body>
<template name="imageView">
<div class="imageView">
{{#each images}}
<div>
<a href="{{this.url}}" target="_blank"><img src="{{this.url}}" alt="" class="thumbnail" />{{this.url}}</a><br/>
<strong>{{this.name}}</strong> <a href="{{this.url download=true}}" class="btn btn-primary">Download</a>
</div>
{{/each}}
</div>
</template>
<template name="myForm">
<p>
Please specify a file, or a set of files:<br>
<input type="file" name="datafile" class="myFileInput">
</p>
</template>
I am using collectionFS for file upload, my code is bellow. Logged user can insert image to images collection, also I can see that file is uploaded on server. Image links and download button is displaying before remove insecure package able to see images and download. After removed insecure package from project. Images are not displaying also download is not working(can retrieve image name and url), receiving access denied 403 error. What I really wanted is that signed user can insert files to server and everyone can see images, also able to download files.I wrote allow rules and also publish and subscribe. What is the problem here?
js file
if (Meteor.isClient) {
Template.myForm.events({
'change .myFileInput': function(event, template) {
FS.Utility.eachFile(event, function(file) {
var fsFile = new FS.File(event.target.files[0]);
fsFile.owner = Meteor.userId();
Images.insert(file, function (err, fileObj) {
//If !err, we have inserted new doc with ID fileObj._id, and
//kicked off the data upload using HTTP
});
});
}
});
Template.imageView.helpers({
images: function () {
return Images.find(); // Where Images is an FS.Collection instance
}
});
Meteor.subscribe('images');
}
if (Meteor.isServer) {
Meteor.startup(function () {
// code to run on server at startup
});
Meteor.publish('images', function(){
return Images.find();
});
}
Images = new FS.Collection("images", {
stores: [new FS.Store.FileSystem("images", {path: "~/uploaded"})],
});
Images.allow({
insert: function(userId, doc){
return !!userId;
},
update: function(userId, doc){
return !!userId;
},
remove: function(userId, doc){
return false;
}
});
html file
<head>
<title>uploader</title>
</head>
<body>
{{> loginButtons}}
{{> imageView}}
{{>myForm}}
</body>
<template name="imageView">
<div class="imageView">
{{#each images}}
<div>
<a href="{{this.url}}" target="_blank"><img src="{{this.url}}" alt="" class="thumbnail" />{{this.url}}</a><br/>
<strong>{{this.name}}</strong> <a href="{{this.url download=true}}" class="btn btn-primary">Download</a>
</div>
{{/each}}
</div>
</template>
<template name="myForm">
<p>
Please specify a file, or a set of files:<br>
<input type="file" name="datafile" class="myFileInput">
</p>
</template>
1 Answer
Reset to default 19If you have insecure and autopublish turned off, and you access your files through a subscription, I believe you just need a download var in your allow hash.
Uploads.allow({
insert:function(userId,project){
return true;
},
update:function(userId,project,fields,modifier){
return true;
},
remove:function(userId,project){
return true;
},
download:function(){
return true;
}
});