I keep getting this error:
Uncaught Error: Not permitted. Untrusted code may only update documents by ID. [403]
and here is the code:
Template.notifications.events({
'click a.clearAll':function(event){
console.log("hey");
Notifications.update({{userId:Meteor.userId()},{$set:{read:true}},{multi:true});
}
})
I've also set update permissions:
Notifications.allow({
insert: function(){
return true;
},
update: function(){
return true;
}
});
Why is it not letting me update?
The reason for this error is because you are making the update from the client, this is considered 'untrusted code' by the server.
Unless you have not yet removed the insecure package and not made any permission rules, it would otherwise work. I suggest it a good practice to always remove the insecure package by meteor remove insecure and make method/calls to execute server functions instigated by the client.
You need to make a 'call' from the client to the server, and execute the update command inside the methods function.
client:
Template.notifications.events({
'click a.clearAll':function(event){
Meteor.call('updateDocs',
function(error, result) {
if (error) {
console.log(error);
}
else {
console.log('done');
}
});
}
});
server:
Meteor.methods({
updateDocs: function() {
var userId = this.userId
if (userId) {
Notifications.update({{userId: userId},{$set:{read:true}},{multi:true});
}
return;
}
});
@meteorBuzz is correct. If you still wish to update from the client you can do so using forEach:
Notifications.find({ userId:Meteor.userId() }).forEach(function(n){
Notifications.update({ _id: n._id },{$set:{ read:true }});
});
