Meteor.users.update()不适用于logout + login

时间:2013-01-16 03:52:47

标签: javascript meteor javascript-framework

我有一个用户个人资料视图,用户可以在其中编辑他们的个人资料信息以下所有内容都很有效,更新也很成功。但是,当我注销帐户并使用其他用户帐户登录时,更新失败并返回Access denied错误。直到我刷新页面,我才能再次使用第二个帐户编辑个人资料信息。

我知道这种情况非常罕见,用户通常不会退出一个帐户,登录另一个帐户并尝试更新他们的个人资料,但我想更好地理解为什么会发生这种情况。用户注销时是否未刷新客户端令牌,或者是否存在需要完全重新加载页面的其他内容?

在客户端JS上:

Template.user_profile_form.events({
    'click #submit_profile_btn': function(evt) {
        evt.preventDefault();
        var first_name = $('#profile_first_name').val()
            ,last_name = $('#profile_last_name').val()
            ,email = $('#profile_email').val()
            ,email_lower_case = email.toLowerCase()
            ,gravatar_hash = CryptoJS.MD5(email_lower_case)
        ;

        gravatar_hash = gravatar_hash.toString(CryptoJS.enc.Hex);

        // TODO need to create user sessions so that when you log out and log back in, you have a fresh session
        Meteor.users.update({_id: this.userId }, {
            $set: {
                profile: {
                    first_name: first_name,
                    last_name: last_name,
                    gravatar_hash: gravatar_hash
                }
            }
        }, function(error) {
            if (!error) {
                Session.set('profile_edit', 'success');
                Meteor.setTimeout(function() {
                    Session.set('profile_edit', null);
                }, 3000);
            } else {
                Session.set('profile_edit', 'error');
                Template.user_profile_form.error_message = function() {
                    return error.reason;
                };
            }
        });

        Meteor.call('changeEmail', email);
    }
});

服务器JS:

Meteor.publish('list-all-users', function () {
    return Meteor.users.find({_id: this.userId }, {
        fields: {
            profile: 1,
            emails: 1
        }
    });
});

Meteor.methods({
    sendEmail: function(to, from, subject, text) {
        this.unblock();

        Email.send({
            to: to,
            from: from,
            subject: subject,
            text: text
        });
    },
    changeEmail: function(newEmail) {
        // TODO Need to validate that new e-mail does not already exist
        Meteor.users.update(Meteor.userId(), {
            $set: {
                emails: [{
                    address: newEmail,
                    verified: false
                }]
            }
        });
     }
});

模板:

<template name="user_profile_form">
    <h2>Update Profile</h2>
    <div id="profile-form">
        {{#if success}}
            <div class="alert alert-success">
                <strong>Profile updated!</strong> Your profile has been successfully updated.
            </div>
        {{/if}}
        {{#if error}}
            <div class="alert alert-error">
                <strong>Uh oh!</strong> Something went wrong and your profile was not updated. {{error_message}}.
            </div>
        {{/if}}
        <p>
            {{#each profile}}
            <input type="text" id="profile_first_name" placeholder="First Name" value="{{first_name}}">
            <input type="text" id="profile_last_name" placeholder="Last Name" value="{{last_name}}">
            {{/each}}
            <input type="email" id="profile_email" placeholder="Email" value="{{email_address}}">
        </p>
    </div>
    <div id="submit-btn">
        <input type="submit" id="submit_profile_btn" class="btn btn-primary">
    </div>
</template>

2 个答案:

答案 0 :(得分:2)

Meteor注销功能几乎没有任何功能。它肯定不会拆除会话状态或应用程序上下文的其余部分。您的代码必须在应用程序的注销事件期间重置这些变量。手动刷新页面会导致客户端JavaScript重新加载,从而消除现有的会话数据。

答案 1 :(得分:0)

如果您不想弄乱 accounts-ui 模板内部,可以使用以下模式(CoffeeScript代码)清除Session中的各个变量:

Deps.autorun (c) ->
  user = Meteor.user()
  if user
    # Setup code on login (if required)
  else if not user
    # Clear session on logout
    Session.set "profile_edit", undefined
相关问题
最新问题