Luca
Reputation: 558
Meteor mongo: Untrusted code may only update documents by ID. [403]
The following snippet gives me the error:
Households.update({
_id: Meteor.user().profile.myHousehold,
"shoppingList.name" : this.name},
{"$set" : {
"shoppingList.$.checked" : checked
}
});
Wot? I am updating by id. As a workaround, I could of course simply replace the whole array shoppingList, but that would be brute force.
Upvotes: 2
Views: 1552
Answers (2)
saimeunt
Reputation: 22696
For a client only solution you could rely on this trick :
var households = Houseolds.find({
_id: Meteor.user().profile.myHousehold,
"shoppingList.name" : this.name
});
households.forEach(function(houseold){
Households.update(houseold._id, {
$set: {
"shoppingList.$.checked" : checked
}
});
});
Upvotes: 2
sbking
Reputation: 7680
The proper pattern for using complex update/delete selectors with latency compensation is to use a Meteor method.
Shared code:
Meteor.methods({
setHouseholdChecked: function(shoppingListName, checked) {
check(this.userId, String);
check(shoppingListName, String);
check(checked, Boolean);
Households.update({
_id: Meteor.user().profile.myHousehold,
"shoppingList.name" : shoppingListName
}, {
$set: {
"shoppingList.$.checked" : checked
}
});
}
});
Client code:
Meteor.call('setHouseholdChecked', this.name, checked);
Upvotes: 6
Related Questions
- Understanding "Not permitted. Untrusted code may only update documents by ID." Meteor error
- Uncaught Error: Not permitted. Untrusted code may only update documents by ID. [403]
- Meteor update collection error
- Meteor update access denied despite presence of insecure
- Meteor : updating collection fail
- Meteor: mongodb update not working
- Meteor Update collection - Uncaught Error: Not permitted. Untrusted code may only update documents by ID. [403]
- Update document in Meteor allow function
- Meteor Mongo update Invalid Query
- meteor wont update data in mongodb