Javascript Meteor更新访问被拒绝,尽管存在不安全的
我安装了不安全的软件包,但在客户端控制台中获得了以下内容:Javascript Meteor更新访问被拒绝,尽管存在不安全的,javascript,mongodb,authentication,meteor,Javascript,Mongodb,Authentication,Meteor,我安装了不安全的软件包,但在客户端控制台中获得了以下内容: Meteor.user() Object {_id: "4Dyaa5wRmxmq7j7XF", profile: Object, services: Object}_id: "4Dyaa5wRmxmq7j7XF"profile: Objectname: "Mel Oug"__proto__: Objectservices: Objectfacebook: Object__proto__: Object__proto__: Object_
Meteor.user()
Object {_id: "4Dyaa5wRmxmq7j7XF", profile: Object, services: Object}_id: "4Dyaa5wRmxmq7j7XF"profile: Objectname: "Mel Oug"__proto__: Objectservices: Objectfacebook: Object__proto__: Object__proto__: Object__defineGetter__: function __defineGetter__() { [native code] }__defineSetter__: function __defineSetter__() { [native code] }__lookupGetter__: function __lookupGetter__() { [native code] }__lookupSetter__: function __lookupSetter__() { [native code] }constructor: function Object() { [native code] }hasOwnProperty: function hasOwnProperty() { [native code] }isPrototypeOf: function isPrototypeOf() { [native code] }propertyIsEnumerable: function propertyIsEnumerable() { [native code] }toLocaleString: function toLocaleString() { [native code] }toString: function toString() { [native code] }valueOf: function valueOf() { [native code] }get __proto__: function __proto__() { [native code] }set __proto__: function __proto__() { [native code] }
va = Meteor.user()._id
"4Dyaa5wRmxmq7j7XF"
Meteor.users.update(va, {$set: {email: 'the@aarts.com'}})
1
debug.js:41 update failed: Access denied
我不确定还应该包含哪些相关代码。我没有设置否认(或允许)规则。这是一个非常直截了当的用户设置,我只是看不出有什么可能会阻止它
以下是我收到的包裹:
ccounts-facebook 1.0.4 Login service for Facebook accounts
accounts-google 1.0.4 Login service for Google accounts
accounts-twitter 1.0.4 Login service for Twitter accounts
aldeed:autoform 5.1.2 Easily create forms with automatic insert a...
aldeed:collection2 2.3.3 Automatic validation of insert and update o...
autopublish 1.0.3 Publish the entire database to all clients
blaze 2.1.2 Meteor Reactive Templating library
cmather:handlebars-server 2.0.0 Allows handlebars templates to be defined o...
email 1.0.6 Send email messages
insecure 1.0.3 Allow all database writes by default
iron:router 1.0.7 Routing specifically designed for Meteor
meteor-platform 1.2.2 Include a standard set of Meteor packages i...
mquandalle:jade 0.4.1* Jade template language
msavin:mongol 1.0.30* The insanely handy development package for...
service-configuration 1.0.4 Manage the configuration for third-party se...
twbs:bootstrap 3.3.4 The most popular front-end framework for de...
useraccounts:bootstrap 1.8.1* Accounts Templates styled for Twitter Boots
Meteor.users集合是一个特例,具有已建立的结构和权限。即使安装了不安全的软件包,您也只能从客户端更新
user.profile
字段
这将起作用,例如:
Meteor.users.update(va, {$set: {'profile.email': 'the@aarts.com'}})
电子邮件通常从服务器代码保存,并推送到用户记录中提供的“电子邮件”数组中
“电子邮件”:[
{
“地址”:the@aarts.com",
“已验证”:错误
}
],
来自meteor文档:
默认情况下,允许用户使用Accounts.createUser指定自己的配置文件字段,并使用Meteor.Users.update对其进行修改。要允许用户编辑其他字段,请使用Meteor.users.allow
蒙古人添加了一些访问/拒绝规则,也许可以尝试删除它?或者添加允许/拒绝规则,如果它可以工作,那么某些包会添加此功能