Reputation: 470
Updating Meteor.users
I've created a form for users to update their profiles. When I submit the form I'm receiving a [403] error.
Not permitted. Untrusted code may only update documents by ID.
My question is, if I'm going to use Meteor.users.allow, where - in what file/directory - do I write this code?
Thanks, Nathan
Upvotes: 9
Views: 13622
Answers (1)
Reputation: 75945
The error you're getting is not a result of your allow/deny rules. You would get a straight 'Access Denied' error if it were.
When updating your users (as well as having the correct allow rules in place) you need to update your user by their _id- especially if they are being updated on the client end.
So instead of
Meteor.users.update({name: "etc"}, {$set:..});
You need to split it in two, one to get the _id and then one to update your document on that.
var user = Meteor.users.findOne({name: 'etc'});
Meteor.users.update({_id: user._id}, {$set:..});
The rule is on the client you can only use _id to find the document when updating.
Upvotes: 18
Related Questions
- How to update the content of Meteor.user().profile attributes?
- Updating user profile details in meteor not working
- Meteor user profile update
- Meteor update user profile
- How to partly update meteor.users.profile?
- Using Meteor.users.update to update selected users data
- Updating Meteor.users from client
- how to update users for Meteor in the console
- Meteor.users maintaining users
- How to update the current user (Accounts)