For bdd CRUD i write my Collection.insert , update, etc in a ValidatedMethod (mdg:validated-method) and call these methods from the client.
// /object/methods.js
export const insertObject = new ValidatedMethod({
name: 'insertObject',
run({object}) {
ObjectCollection.insert(object);
},
});
// /object/view.js
import {insertObject} from './methods.js'
insertObject.call(object , callback());
Is the bdd operation code protected (not on the client) by the used of Validatedmethod? Despise the import of the file.
Or do i need to put bdd code in a /server directory?
It bugs me cause on https://github.com/meteor/todos the crud methods are not in a /server folder, exposing them to the client...
note: unsecure package is removed.
If you import a method to client code, that method will be visible to client side. To avoid that you could just use Meteor.call or Meteor.apply to execute the method.