Meteor.users CRUD for directory

sidae · January 20, 2016, 9:47pm

I have account-password and alanning:roles installed. I want admins to be able to update users’ credentials.

In /server/publish.js

Meteor.startup(function () {

  Meteor.users.allow({
    insert: function(userId, doc) {
      if(this.userId && Roles.userIsInRole(this.userId, ['admin'], 'default_group')) {
        return true;
      }
      return false;
    },
    update: function(userID, doc, fieldss, modifier) {
      if(this.userId && Roles.userIsInRole(this.userId, ['admin'], 'default_group')) {
        return true;
      }
      return false;
    }
  });
  Meteor.publish("directory", function() {
    if(this.userId && Roles.userIsInRole(this.userId, ['admin'], 'default_group')) {
      return Meteor.users.find({}, {fields:{emails:1, profile:1, roles:1}});
    } else {
      return [];
    }
  });
});

On the client I have (I’ve left out the form code)

var id = $('[name=edit_user_id]').val();

var email = $('[name=edit_user_email]').val().toLowerCase();
var fullname = $('[name=edit_user_fullname]').val();

Meteor.users.update( {_id: id }, { $set: {'profile.fullname': fullname, 'emails.0.address': email} });

Output is: update failed: Access denied

Anybody see what I’m doing wrong?

MellowProgrammer · January 20, 2016, 10:54pm

How are you using adding the roles? Are you sure you’re adding those with the admin role to the ‘default_group’ group?

sidae · January 20, 2016, 11:04pm

Yes, I use the admin role in other parts of my code and it works well.

juliakoe · January 25, 2016, 4:27am

Good or bad, I created a separate “profiles” table in mongo to specifically address the issue with users table seemingly being guarded by meteor. I have to admit that I come from years of dealing with SQL, so my mindset is still SQL, that is having a separate table. But in this case it worked well.