javascript - Meteor update access denied despite presence of insecure -
i have insecure package installed , yet following in client console:
meteor.user() object {_id: "4dyaa5wrmxmq7j7xf", profile: object, services: object}_id: "4dyaa5wrmxmq7j7xf"profile: objectname: "mel oug"__proto__: objectservices: objectfacebook: object__proto__: object__proto__: object__definegetter__: function __definegetter__() { [native code] }__definesetter__: function __definesetter__() { [native code] }__lookupgetter__: function __lookupgetter__() { [native code] }__lookupsetter__: function __lookupsetter__() { [native code] }constructor: function object() { [native code] }hasownproperty: function hasownproperty() { [native code] }isprototypeof: function isprototypeof() { [native code] }propertyisenumerable: function propertyisenumerable() { [native code] }tolocalestring: function tolocalestring() { [native code] }tostring: function tostring() { [native code] }valueof: function valueof() { [native code] }get __proto__: function __proto__() { [native code] }set __proto__: function __proto__() { [native code] } va = meteor.user()._id "4dyaa5wrmxmq7j7xf" meteor.users.update(va, {$set: {email: 'the@aarts.com'}}) 1 debug.js:41 update failed: access denied
i'm not sure other relevant code include. have no deny (or allow) rules set up. it's pretty straight forward user setup, can't see might block it.
here's packages got:
ccounts-facebook 1.0.4 login service facebook accounts accounts-google 1.0.4 login service google accounts accounts-twitter 1.0.4 login service twitter accounts aldeed:autoform 5.1.2 create forms automatic insert a... aldeed:collection2 2.3.3 automatic validation of insert , update o... autopublish 1.0.3 publish entire database clients blaze 2.1.2 meteor reactive templating library cmather:handlebars-server 2.0.0 allows handlebars templates defined o... email 1.0.6 send email messages insecure 1.0.3 allow database writes default iron:router 1.0.7 routing designed meteor meteor-platform 1.2.2 include standard set of meteor packages i... mquandalle:jade 0.4.1* jade template language msavin:mongol 1.0.30* insanely handy development package for... service-configuration 1.0.4 manage configuration third-party se... twbs:bootstrap 3.3.4 popular front-end framework de... useraccounts:bootstrap 1.8.1* accounts templates styled twitter boots
the meteor.users collection special case, established structure , permissions. allowed update user.profile
field client, insecure package installed.
this work, example:
meteor.users.update(va, {$set: {'profile.email': 'the@aarts.com'}})
emails in general saved server code , pushed provided 'emails' array in user record.
"emails" : [ { "address" : "the@aarts.com", "verified" : false } ],
from meteor docs:
users default allowed specify own profile field accounts.createuser , modify meteor.users.update. allow users edit additional fields, use meteor.users.allow.
Comments
Post a Comment