0

I have been trying to add these custom fiels into user account system of meteor under the profile, but it wasn't success. I have a modal form, which is pop up to do that and below is my code on the events.

Template.profile.events({
'submit #saveBasicProfile': function(event, template) {
    console.log("CLICK");
    event.preventDefault();
    var fullnameVar = event.target.fullname.value;
    var titleVar = event.target.title.value;
    var about_youVar = event.target.about_you.value;
    Meteor.users.update( {_id:Meteor.user()._id}, 
            { $set: 
                [{ "profile.fullname"  : fullnameVar }, 
                 { "profile.title"     : titleVar },
                 { "profile.about_you" : about_youVar } ]
            });

    //Router.go('/profile');
}

});

Duke
  • 1
  • 1
  • 6
  • Follow http://stackoverflow.com/questions/29012836/how-to-partly-update-meteor-users-profile – Salman Hasni Mar 01 '16 at 11:56
  • Do you have deny rules anywhere on the users collection? Profile is a special case and should be editable directly from the client by the profile owner regardless of whether you have insecure installed or not. – Philip Pryde Mar 01 '16 at 17:59

3 Answers3

1

Do the update in a method:

Template.profile.events({
    'submit #saveBasicProfile': function(event, template) {
       event.preventDefault();
       Meteor.call('update_profile',
           event.target.fullname.value,
           event.target.title.value,
           event.target.about_you.value,
           function(err) {
               if (err) alert(err);
               else Router.go('/profile');
           }
       );
    })
});

if (Meteor.isServer) {
    Meteor.methods({
        update_profile: function(fullname, title, about_you) {
            check(fullname, String);
            check(title, String);
            check(about_you, String);

            // ... further validation

            Meteor.users.update(Meteor.userId(), { $set: {
                'profile.fullname': fullname,
                'profile.title': title,
                'profile.about_you': about_you   
            }});
        })
    });
}
sba
  • 1,829
  • 19
  • 27
  • Hey @sba I tried your method here, but I got this error message from the browser `Error: Internal server error [500]`. Did I miss something? – Duke Mar 02 '16 at 02:36
  • I found this error in my console `Exception while simulating the effect of invoking 'update_profile' TypeError: Cannot read property 'update' of undefined(…) TypeError: Cannot read property 'update' of undefined` – Duke Mar 02 '16 at 02:38
  • Well I didn't run the code, so quite possibly there is something wrong with it. Check the server log. The error in the browser log seems to be because Meteor.user is not available on the client. So this should be avoidable by restricting it to the server. I've updated my answer so the method is only defined on the server, but it's still untested so the 500 on the server will still be there. – sba Mar 02 '16 at 15:02
0

Most probably you get "Access denied" because the client is not allowed to edit users collection. You can add allow rule for update, however it is not suggested because of possible security leaks.

You can call a server method in your template and process your update operation on server.

Areca
  • 1,292
  • 4
  • 11
  • 21
-1

Maybe the profile you're trying to update isn't the same that request it. So you can set an allow rule to Users model making possible that all users may edit the profile field.

Something like that:

Users.allow({
// clients can modify the profile field of their own document, and
// nothing else.
update: function (userId, user, fields, modifier) {
    // make sure it is our record
    if (user._id == userId)
        return true;
    else
        if(fields[0] === 'profile')
            return true;

    return false;
}
);

But, as Areca said it's a security leak, if its in production you should create a method in the server and call it from the client.

Pedro Ricardo Garcia
  • 19
  • 7
  • Unless the question has been edited, it should always be trying to update the current users profile as it is updating the profile using `Meteor.user()._id` – Philip Pryde Mar 01 '16 at 17:56
  • not really.. He can add the allow rule like shown above.. http://docs.meteor.com/#/full/allow – Pedro Ricardo Garcia Mar 02 '16 at 19:02
  • But it's being called with {_id:Meteor.user()._id} as the query parameter so it would never be a different Id unless the question is different. Not to mention that this would allow any operation on any field in the user object so long as the first field you specify is profile you can then do whatever additional operations you want on any field for any user... – Philip Pryde Mar 02 '16 at 19:53