javascript - Meteor.userId from the client - changing shows user email, correct behavior? -
i looking @ question's answer regarding changing userid client side , following along not getting expected results;
i followed steps 1 through 5 fine no issues set userid() user i'd logged out in separate browser using meteor.default_connection.setuserid('usersfjhjdskfh');
rather display spinny in place of email address since server shouldn't returning data, displayed actual user's email address i'd used there. (it did not however, bring party information , show on map).
is intended behavior , missed point of last answer given in december or has changed? (i'm running meteor 0.6.2 , both insecure , autopublish removed example)
im assuming want change user's _id , not change logged in user via id. change user id like
meteor.users.update(meteor.userid(), {$set:{_id:<new id>}}); assuming have correct permissions in place meteor.users.allow. should change _id of current logged in user.
the previous question demonstrated security when changing local client side meteor functions , how affect server. meteor server doesn't trust client , double checks allow/deny rules before changing whatever data may current logged in user. user need logged in change data them on mongodb database on server allow/deny rules comitted.
Comments
Post a Comment