I want to let my users edit their own profiles, but only their own profiles.
I’ve got this snippet which I’m pretty sure is correct to allow me to set the permissions.
ownsDocument(userId, doc) {
return doc && doc.userId === userId;
};
Meteor.users.allow({
update: this.ownsDocument
});
This is the update that I’m calling which was working until I removed insecure
.
Meteor.users.update(Meteor.userId(), {
$set: {
"data": {
"teams": teams,
"currentrole": this.profile.getRole(),
"ffanumber": this.data.ffanumber,
"userDetail": userDetail,
"contact1": contact1
}
}
}, () => {
loading.dismiss();
this.navCleanup(TopicsPage);
});
Main issue is where should I place the allow snippet?
I’m using angular2 with ionic2 and meteor