I am new to Meteor. For learning purpose, I just wanted to list the emails of all users. But can only see email for logged in user.
Notes:
I am using Meteor 1.4.2
I am in development environment. So, I
haven't removed 'insecure' or 'autopublish'. I know it's a bad
practice. But this is just for a quick start.
My Template helper looks like:
Template.usersList.helpers({
users () {
return Meteor.users.find({}, {fields: {'username': 1, emails:1}});
},
email(){
if(typeof this.emails === 'undefined'){
console.error(this.emails, "Unauthorized Attempt");
return "--NaN--";
} else {
return this.emails[0].address;
}
}
});
Blaze template:
<template name="usersList">
This is Users List
<ul>
{{#each users}}
<li>{{username}} | {{email}}</li>
{{/each}}
</ul>
</template>
In result, it shows Username for all of the users. And only shows email of logged in user. For other users the "emails" array is returned as undefined.
jessica | dad#email.com
Waqas | --NaN--
Bob | --NaN--
In above result jessica is logged in user. Can't see other user's email.
Can someone please tell me how to display emails for all users. Or please point me in the right direction?
Thanks,
Ahmad
You can add this on the server:
Meteor.publish("userData", function () {
return Meteor.users.find();
});
And this on the client:
Meteor.subscribe("userData");
For more details, see the documentation.
Mind you, you probably want to limit what you will eventually actually publish to clients. But I think you get the idea. Meteor.users is just a collection, so you can publish from it just like you would from any other collection.
Just found that I had to use pub/sub. So, following worked for me:
// in server
Meteor.publish("userList", function () {
return Meteor.users.find({}, {fields: {emails: 1}});
});
// in client
Meteor.subscribe("userList");
Related
I want to publish some limited user information about my users, the idea is that the admin role of my web app can view the emailaddress and username (last one is in the profile data).
Meteor.publish("usersSpecificDataforAdmin", function () {
return Meteor.users.find({}, {fields: {
'profile': 1,
'emails': 1,
'roles': 1
}});
});
I'm then subscribing to this in my router:
adminRoutes.route('/users', {
name: 'adminUsersList',
subscriptions: function (params, queryParams) {
this.register('adminUsersList', Meteor.subscribe('usersSpecificDataforAdmin'));
},
action: function (params, queryParams) {
BlazeLayout.render('layout_frontend', {
top: 'menu',
main: 'adminUsersList',
footer: 'footer'
});
}
});
In the template, I'm using the following to display the email address of the user: '{{emails.address}}', but that doesn't work. I can display all other info.
I have following questions:
how can I display the email address of the user in the template
even when I don't add the password or services fields in the publishing, it is send to the client (doing Meteor.user()) is revealing all the info, including passwords etc, which is a security issue in my opinion. How can I disable the publication of this?
Several things:
You don't need to include _id in the list of fields to be published, it is always included
You're publishing allUserData but your router code is subscribing to usersAllforAdmin which you're not showing code for. I suspect that publication is including services
Passwords are not stored anywhere in Meteor, only the bcrypt hash of the password is stored in services
emails is an array, you can't access it with {{emails.address}} in spacebars, instead use {{emails.[0].address}} (reference)
I have basic project in Meteor created from Meteor-admin stub: (https://github.com/yogiben/meteor-admin)
I need to display avatars for all users, not only current one.
For displaying user's avatar I need his email address. (I am using utilities:avatar https://atmospherejs.com/utilities/avatar)
Question: what adjustments to project should I make to be able to access other users' data?
It probably has something to do with publishing users.
At the moment I have:
{{> avatar user=getAuthor shape="circle" size="small"}}
getAuthor: ->
console.log 'Owner:'
console.log #owner
user = Meteor.users.findOne(#owner)
console.log user
user
This correctly prints Owner: #owner (id) for all users, but user object is only populated for current user.
I also have this code in server-side:
Meteor.publishComposite 'user', ->
find: ->
Meteor.users.find _id: #userId
children: [
find: (user) ->
_id = user.profile?.picture or null
ProfilePictures.find _id: _id
]
(children / ProfilePicture are irrelevent)
I think account-base library turns publishing off or something? Thanks for help!
Bonus question: I would like to access only some info about an user (email address).
If you remove the package autopublish, you need to specify explicitly what the server sends to the client. You can do this via Meteor.publish and Meteor.subscribe.
For instance, to publish the email addresses of all users you could do:
if (Meteor.isServer) {
Meteor.publish('emailAddresses', function() {
return Meteor.users.find({}, {
fields: {
'email': 1
}
});
});
}
After that, you need to subscribe to the publication on the client:
if (Meteor.isClient) {
Meteor.subscribe("emailAddresses");
}
Read more about Meteor's publish and subscribe functionality.
Having collection: Meteor.users
To access other users data just publish it on the server-side:
Meteor.publish 'userData', ->
Meteor.users.find()
On client side you don't have to use any userData reference. Just access it:
Meteor.users.findOne(someId)
To allow access to only specific information, publish it with fields parameter:
Meteor.publish 'userData', ->
Meteor.users.find({},{fields: {'_id', 'emails', 'username'}})
I'm trying to publish all users to admins only but ommitting certain data (In this case an API key which is supposed to be "private" to each user, I realize that the admin can most likely check the database but let's ignore the security implications for now).
So the basic idea is that a user can see his own profile completely and no one else. An admin can see his own complete profile and a censored version of all other user's profiles. For this I have the following publish code:
Meteor.publish('currentUser', function() {
return Meteor.users.find({_id: this.userId}, {fields: {'profile.apiKey': true}});
});
Meteor.publish('allUsers', function() {
var currentUser = Meteor.users.findOne(this.userId);
return currentUser && currentUser.profile.admin ?
Meteor.users.find({}, {sort: ['username', 'asc'], fields: {'profile.apiKey': false}}) : null;
});
The problem is that the apiKey field doesn't get published after logging in. Ie. if I simply login as an admin the admin's apiKey won't be available until the page is reloaded. Removing the restriction from the 'allUsers' publish function solves the issue so it must have something to do with this. Is there any way to force Meteor to reload the subscriptions after a login?
I want to use a reactive counter var on server side. But I can not guess how to do it without using collections.
I expect {{count}} will be updated after server count var changed without refresh a page or how to send a client that the count was changed?
<body>
{{> test }}
</body>
<template name="test">
{{count}}
</template>
client:
Meteor.call('count', function(err, result) {
console.log(result)
Session.set('count', result)
})
Template.test.helpers({
count: function () {
return Session.get('count')
}
});
server:
var count=0
Meteor.startup(function () {
Meteor.setInterval(function() {
count++
}, 1000)
});
Meteor.methods({
count: function() {
return count
}
})
My code on MeteorPad
I want to see what I expect:
Client:
Meteor.subscribe('count')
Template.test.helpers({
count: function () {
return Counter.findOne().count
}
});
Common:
Counter = new Mongo.Collection('count')
Server:
Meteor.publish('count', function() {
return Counter.find()
})
Meteor.startup(function () {
if(Counter.find().count() === 0) {
Counter.insert({count: 0})
}
Meteor.setInterval(function() {
Counter.update({}, {$inc: {count: 1}})
}, 1000)
});
Example on meteorpad
It depends on how you plan to scale your application. If you plan to scale to multiple server instances then you cannot rely on the servers sharing information automatically. In this case it would be best to create a collection named something like "ApplicationState". Then every instance of your application can use a consistent state, and you can make use of the built in subscriptions.
If you plan to only use a single server instance then you should checkout the documentation on Tracker: http://manual.meteor.com/#tracker. This allows you to defined custom dependencies on data. I have not had the chance to play with it yet, but I am pretty sure that you can create something similar to subscriptions: http://manual.meteor.com/#deps-creatingreactivevalues
Your code does not work as the way you want it because regular plain vars are not reactive data sources. The docs has a list of reactive data sources here http://docs.meteor.com/#/full/reactivity - So for your example to work you'd want to use Session or ReactiveVar - but these only works on the client so they wont help you here.
Your best bet is to create a manual publish function and subscribe to it from the client (or as other people has proposed, use a Collection - which would work across multiple servers as well). Hope that helps!
The only way I have found to delete user accounts in meteor (other than emptying the database with mrt reset), is by actually logging into that specific user account, and deleting the account from the console, using:
Meteor.users.remove('the user id');
But like I said, I need to be logged in as that specific user, and have not been able to find a solution which enables me to delete any user from the db. I'm sure it has something to do with permissions or roles, but I am not sure how to proceed / what is the best solution / how to set an administrative role for a particular user, so that I can delete different user accounts.
You could do
meteor mongo
or
meteor mongo myapp.meteor.com for a deployed app
Then
db.users.remove({_id:<user id>});
I wouldn't recommend it but if you want to delete any user without being logged in from meteor you would need to modify the allow rules. But deleting a user is a very unlikely event hence the above might be the best way to do it.
Anyway if you do want, modify the Meteor.users.allow({remove:function() { return true }); property. See http://docs.meteor.com/#allow. You could add in some custom logic there so it'll only let you do so if you're the admin
I was having trouble doing this on nitrous.io because I couldn't open both Meteor and Mongo. I put:
Meteor.users.remove(' the _id of the user ');
in the isServer section to remove the user.
If anyone is still looking for an answer to this question, I have outlined my solution below.
When I create a new user, I add a field called role in my user document. If I want a user to be able to remove other users from the Meteor.users collection, I give him a role of administrator. If not, I give him a role of member. So, my user document looks something like this -
{
"_id" : ...,
"createdAt" : ...,
"services" : {...},
"username" : "test",
"profile" : {
"name" : "Test Name",
"role" : "administrator"
}
}
On the client, I have a list of users (added using a #each template tag) with a remove button next to each user. A user has to login to see this list. I defined an event handler for the remove button -
'click #remove-user-btn': function () {
Meteor.users.remove({ _id: this._id }, function (error, result) {
if (error) {
console.log("Error removing user: ", error);
} else {
console.log("Number of users removed: " + result);
}
})
}
However, Meteor.users does not allow remove operations from the client by default. So, you have to edit the Meteor.users.allow callback in the server as shown below to allow the users to be removed from the client side. But we need to make sure that only a user with an administrator role is allowed this privilege.
Meteor.users.allow({
remove: function (userId, doc) {
var currentUser, userRole;
currentUser = Meteor.users.findOne({ _id: userId }, { fields: { 'profile.role': 1 } });
userRole = currentUser.profile && currentUser.profile.role;
if (userRole === "administrator" && userId !== doc._id) {
console.log("Access granted. You are an administrator and you are not trying to delete your own document.");
return true;
} else {
console.log("Access denied. You are not an administrator or you are trying to delete your own document.");
return false;
}
},
fetch: []
});
This is the general idea. You can build upon this to suit your needs.
Here are the steps to delete user from mongo through console:
step 1: open new console
step 2: change diretory to your app such as (cd myapp)
step 3 : enter command meteor mongo
step 4: make sure there exists a table called users, db.users.find({});
step 5: find the userid of the user you wish to delete and type :
db.users.remove({_id:"nRXJCC9wTx5x6wSP2"}); // id should be within quotes