Error: Unrecognized logical operator: $in

$in is a valid MongoDB operator. Is $in not a supported operator in Meteor client-side?

Exception while simulating the effect of invoking 'Cards.delete' Error: Unrecognized logical operator: $in

This happens on a client-side method call. It seems to work fine on the server-side, as after a moment the UI refreshes as expected. Only the client-side simulation fails.

Can you share the exact command you are trying to run on the client? Collection.find definitely works with $in, I am using it.

Collection.update/Collection.delete MUST use _id as selector, as described in the docs.

Untrusted code can only modify a single document at once, specified by its _id. The modification is allowed only after checking any applicable allow and deny rules. The number of affected documents will be returned to the callback. Untrusted code cannot perform upserts, except in insecure mode.

Hi @jamgold. I’m doing something like these two (But Meteor client-side doesn’t report line numbers or even the error file, so I don’t actually know which line is messing up):

          Items.find({_id: {$in: arrayOfIds}}).fetch()
          Cards.remove({_id: {$in: arrayOfIds}})

The only file/line number that Meteor reports is somewhere in debug.js where the error gets handled.

I am pretty sure that is the offending line

The method that it’s in is defined for both client and server. I don’t see why it isn’t possible to make this simulation work on the client side considering that the real execution happens on the server-side. Removing multiple things at once in a client-side simulation doesn’t seem like a security concern because, well, it’s a simulation. :laughing:

As far as I know you can only remove single documents from the client side.

Source: http://docs.meteor.com/#/full/remove

Untrusted code can only remove a single document at a time, specified by its _id. The document is removed only after checking any applicable allow and deny rules. The number of removed documents will be returned to the callback.

Untrusted code = Client side code

Solution:

if (Meteor.isServer) {
  Cards.remove({_id: {$in: arrayOfIds}});
} else {
  arrayOfIds.forEach(function (id) {
    Cards.remove(id);
  });
}
1 Like

A for loop is just extra code, but it’s not any more secure. MDG may as well let us use $in since we’re gonna do it with a for loop anyways.