javascript - Meteor.userId from the client - changing shows user email, correct behavior? -

August 15, 2013

i looking @ question's answer regarding changing userid client side , following along not getting expected results;

i followed steps 1 through 5 fine no issues set userid() user i'd logged out in separate browser using meteor.default_connection.setuserid('usersfjhjdskfh');

rather display spinny in place of email address since server shouldn't returning data, displayed actual user's email address i'd used there. (it did not however, bring party information , show on map).

is intended behavior , missed point of last answer given in december or has changed? (i'm running meteor 0.6.2 , both insecure , autopublish removed example)

im assuming want change user's _id , not change logged in user via id. change user id like

meteor.users.update(meteor.userid(), {$set:{_id:<new id>}});

assuming have correct permissions in place meteor.users.allow. should change _id of current logged in user.

the previous question demonstrated security when changing local client side meteor functions , how affect server. meteor server doesn't trust client , double checks allow/deny rules before changing whatever data may current logged in user. user need logged in change data them on mongodb database on server allow/deny rules comitted.

Search This Blog

Detect

javascript - Meteor.userId from the client - changing shows user email, correct behavior? -

Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

jquery - Fancybox - apply a function to several elements -

An easy way to program an Android keyboard layout app -