enable editing only for `profile` field in User document

Question

enable editing only for `profile` field in User document

achtan opened this issue 9 years ago · comments

David Durika commented 9 years ago

Hi, how to enable editing only for profile field in User document?

this is not working
Users.permit(['update']).onlyProps('profile').ifOwner().apply();

Eric Dobbertin · Answer 1 · Wed Jul 08 2015 19:56:14 GMT+0800 (China Standard Time)

What do you mean by "not working"?

What is the definition for ifOwner?

I'm assuming you aliased Meteor.users as Users?

David Durika · Answer 2 · Wed Jul 08 2015 20:15:48 GMT+0800 (China Standard Time)

yes, Users = Meteor.users
ifOwner is ok
i got permission denied when i am editing property of profile object for example profile.firstName

Eric Dobbertin · Answer 3 · Wed Jul 08 2015 20:25:41 GMT+0800 (China Standard Time)

You may have to use the Security.permit syntax:

Security.permit(['update']).collections([ Meteor.users ]).onlyProps('profile').ifOwner().apply();

Or trying putting the security pkg before the accounts packages in .meteor/packages.

Also, the security you're trying to define is the default security that the accounts package sets up, so technically there should be no need to do it again, though it should work.

David Durika · Answer 4 · Wed Jul 08 2015 20:30:49 GMT+0800 (China Standard Time)

thx, man ill try it!