Reputation: 1338
For some reason I can't get the last part of Step 11 of the Meteor tutorial to work. The url for the step is here: https://www.meteor.com/try/11
The part that's not working for me is the very last step which reads "In order to finish up our private task feature, we need to add checks to our deleteTask and setChecked methods to make sure only the task owner can delete or check off a private task:"
When I add the code to the deleteTask and setChecked methods, users in other browsers can still remove and check/uncheck a different user's tasks.
This is what my deleteTask and setChecked functions look like after making the modifications. Perhaps I did it all wrong?
    deleteTask: function (taskId) {
      var task = Tasks.findOne(taskId);
      if (task.private && task.owner !== Meteor.userId()) {
        // If the task is private, make sure only the owner can delete it
        throw new Meteor.Error("not-authorized");
      }
      Tasks.remove(taskId);
    },
    setChecked: function (taskId, setChecked) {
      var task = Tasks.findOne(taskId);
      if (task.private && task.owner !== Meteor.userId()) {
        // If the task is private, make sure only the owner can check it off
        throw new Meteor.Error("not-authorized");
      }
      Tasks.update(taskId, { $set: { checked: setChecked } });
    },
Any thoughts?
Upvotes: 0
Views: 133
Reputation: 1640
The code you implemented in step 11 prevents other users from checking/unchecking other users' private tasks.
From your code:
// If the task is **private**, make sure only the owner can delete it
Users can still check/uncheck different users' tasks if they are public.
Upvotes: 1
Reputation: 1
As alfreema says, how do we prevent other users from deleting the public tasks?
    deleteTask: function (taskId) {
      // Inside the deleteTask method
      var task = Tasks.findOne(taskId);
      if (task.public && task.owner !== Meteor.userId()) {
        // If the task is public, make sure only the owner can delete it
        throw new Meteor.Error("not-authorized");
      }
      Tasks.remove(taskId);
    },
    setChecked: function (taskId, setChecked) {
      var task = Tasks.findOne(taskId);
      if (task.public && task.owner !== Meteor.userId()) {
        // If the task is public, make sure only the owner can check it off
        throw new Meteor.Error("not-authorized");
      }
      Tasks.update(taskId, { $set: { checked: setChecked } });
    }
Though if we update the code as above, replacing task.private with task.public, it still allows deleting the tasks.
Upvotes: 0
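The three ownership checks from this thread, compared side by side in plain Node.js as an added example (not code from any poster or from the Meteor tutorial). It assumes task documents carry only the `owner` and `private` fields the tutorial sets; `ownerOnlyGuard`, `deleteTask`'s extra parameters, `attempt` and the sample tasks are hypothetical names constructed for the comparison.

```javascript
// Added example: no Meteor needed. Task documents are constructed and
// shaped like the tutorial's (owner, private, checked).
class NotAuthorized extends Error {}

// Guard from tutorial step 11: only private tasks are restricted.
function privateGuard(task, userId) {
  return !(task.private && task.owner !== userId);
}

// Guard from the last post. Assumption: documents have no `public` field,
// so `task.public` is undefined and the condition is never true.
function publicFieldGuard(task, userId) {
  return !(task.public && task.owner !== userId);
}

// Owner-only guard: the privacy flag plays no part in the decision.
function ownerOnlyGuard(task, userId) {
  return Boolean(userId) && task.owner === userId;
}

// Hypothetical stand-in for a server method body: look the task up,
// fail closed when it is missing, then apply the chosen guard.
function deleteTask(tasks, guard, taskId, userId) {
  const task = tasks.get(taskId);
  if (!task || !guard(task, userId)) {
    throw new NotAuthorized("not-authorized");
  }
  tasks.delete(taskId);
  return true;
}

// Returns true when the call was allowed, false when it was rejected.
function attempt(guard, task, userId) {
  const tasks = new Map([[task._id, { ...task }]]);
  try {
    return deleteTask(tasks, guard, task._id, userId);
  } catch (err) {
    if (err instanceof NotAuthorized) return false;
    throw err;
  }
}

const publicTask = { _id: "t1", owner: "alice", private: false, checked: false };
const privateTask = { _id: "t2", owner: "alice", private: true, checked: false };

for (const [name, guard] of [["private", privateGuard], ["public", publicFieldGuard], ["ownerOnly", ownerOnlyGuard]]) {
  console.log(name, "| bob on public:", attempt(guard, publicTask, "bob"),
    "| bob on private:", attempt(guard, privateTask, "bob"));
}
```

Under these assumptions only the owner-only guard rejects a non-owner on a public task; the `task.public` variant rejects nobody, because the field it tests is never set.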