[ISSUE] How convert Untrust Code to Trusted Code


#1

I have read the documentation meteor, and the following code is running in a Trusted Code mode, it is a server code and is within a meteor methods

export const actualizarPostVistoAgencia = new ValidatedMethod({
    name: '...',
    validate: new SimpleSchema({
        tiendaId: {...}
    }).validator(),
    run({tiendaId}) {
            const selector = {
                $and: [
                    {tiendaId: tiendaId},
                    {postVistoAgencia: false},
                    {estado: 1}
                ]};
            return Postulaciones.update(
                selector,
                {$set: {postVistoAgencia: true}},
                {multi: true}
            );
    }
});

Why only updates a document if my code is in Trusted Code mode and multi: true?
I leave the reference below:

The behavior of update differs depending on whether it is called by trusted or untrusted code. Trusted code includes server code and method code. Untrusted code includes client-side code such as event handlers and a browser’s JavaScript console.

Trusted code can modify multiple documents at once by setting multi to true, and can use an arbitrary Mongo selector to find the documents to modify. It bypasses any access control rules set up by allow and deny. The number of affected documents will be returned from the update call if you don’t pass a callback.
Untrusted code can only modify a single document at once, specified by its _id. The modification is allowed only after checking any applicable allow and deny rules. The number of affected documents will be returned to the callback. Untrusted code cannot perform upserts, except in insecure mode.