Getting profile for current user

Hello, this code is in my header and basically if someone is logged in and they click profile it should take them to their profile page. However, the 2nd code block (inside of profile.html) is getting fired.

 {{#if currentUser }}
            <a href="/profile?id={{_id}}"><img src="images/header/profile.png" draggable="false" style="position: absolute; top: 35px; left: 975px; z-index: 4;"/></a>
            {{else}}
            <a href="/profile"><img src="images/header/profile.png" draggable="false" style="position: absolute; top: 35px; left: 975px; z-index: 4;"/></a>
            {{/if}}

Here is the profile code that fires. Unfortunately, when I am logged in and navigate to profile from the header it fires off the else statement. Can you see where I went wrong here? I have a separate list where I can view other users profiles.

{{#if loggedInUser}}
            {{#each loggedInUser}}
show profile
{{/each}}  

         {{else}}
            <h2 id="signinError">Please <a href="/signin">Sign In</a> first!</h2>
         {{/if}}  

The problem is with the second code block you posted? What’s the code for the “loggedInUser” helper?

/profile?id={{_id}} What _id do you have there?

In any case, you only want to show the personal profile or can anyone see everyones profile by adding userId in url?

If it should only be possible to see your own profile you do not need to send the id in the url, just use Meteor.userId() in the helper that pulls the profile data.

If you want everyone to see the all profiles, then I suggest you use something other than the internal userId in the url since it has a kind of extra security value. Keep it hidden

Template.profile.helpers({
        loggedInUser: function() {
            return Meteor.users.find({_id: Router.current().params.query.id}).fetch();

If I dont use userId then what do I use for profile? What makes userId secure and why should I keep it safe? Can’t anyone query for it on client side?

Your variable names are confusing me a little. You have a helper called loggedInUsers - plural - which suggests somehow you wish to see a list of all users who are logged in? Or do you want the current user who is logged in in this session?

Then you are querying all users with a single ID from the route which will only ever return one user.

In any case, iirc the profile property is only available on the client for the current user in this session unless you make it explicitly available via a publication. Pretty sure that’s the case. But I can’t see how that would force your blaze template to go down the wrong branch.

Sorry not much help.

Oh, try changing {{_id}} in the above to {{currentUser._id}}.

That works perfectly, thank you!

1 Like