Users Subscriptions

[rakirox]

Whenever you make a login, it auto subscribes to the user data and it's receives in (onDataAdded) wich it's okay.

But I would like to limit what data is receiving. How/Where (in meteor side) I limit this content? I'm guessing that I have to make a custom subscription overriding the default one from Accounts, do I?

Thanks!

[ocram]

Thanks for your question!

Are you still including the autopublish package? If so, that users collection should probably just go away as soon as you drop that package.

In general, you may want to read the official Meteor docs regarding publish/subscribe.

After removing the autopublish package, the collection should only include your own user data, in case it's still not gone.

Does that help?

[rakirox]

Actually I removed long ago. But I found what I meant in documentations. http://docs.meteor.com/#/full/meteor_users

By default, the current user's username, emails and profile are published to the client. You can publish additional fields for the current user with: Meteor.publish("userData", function () { if (this.userId) { return Meteor.users.find({_id: this.userId}, {fields: {'other': 1, 'things': 1}}); } else { this.ready(); } });

Cheers man! this project is awesome! and I would love to see the minimongo(I did read the other issue) project implemented on this. It would give a big hype.

[ocram]

Thank you so much!

By default, the current user's username, emails and profile are published to the client.

So this is the answer you were looking for? Does this mean that this issue has been resolved for you?

Regarding minimongo, are you referring to this issue? If so, you can actually use it today already. You just have to update your Gradle dependency as described there. As soon as somebody has tested this, it will be in the next release.

[rakirox]

I thought it would solve my problem but it didn't I'm still retrieving data I don't want to. Meteor.publish("userData", function () { if (this.userId) { return Meteor.users.find( {_id: this.userId}, { fields: { 'profile.pos': 0 } } ); } else { this.ready(); } }); (with 'profile.pos' is an array of locations updates) and yes, I referred that issue. I'll give a try later tonight

[ocram]

What data are you receiving that you don't actually want? Or are you receiving less data than you actually want, since you're using that userData publication?

So what is the data you are receiving and what is the data you actually want to receive? Can you give exemplary data structures?

Your code looks good. Except, maybe, for the { 'profile.pos': 0 } which I can't verify, of course.

Did you subscribe to userData on the client (Android)?

[rakirox]

Well first I found this http://stackoverflow.com/questions/21322509/meteor-loginwithpassword-callback-doesnt-provide-custom-object-in-user-accounts it looks when you "loginWithPassword" somehow it auto subscribe to user's data wich in my case is: `---- E/collectionName: users ---- E/updatedValuesJson: {"profile":{"name":"Carlos Palmero","type":"Driver","boss":"XSaKsYLJhFvTnpfWy","pos":[{"timestamp":1458153529614,"latitude":26.66666,"longitude":-26.666666,"phoneUpdate":null,"accuracy":25.519}]

There was probably some interference with publish function in Meteor Account package: Meteor.publish(null, function() { }); where is hardcoded {profile: 1, username: 1, emails: 1}. I've tried to extend that in my app, but it didn't work

And I did not subscribe to userData I thought it would auto do it as it's doing it right now.

[ocram]

Ah, so you want to hide the field profile.pos? That means, you want to get your own profile but without that pos array?

Remember, if you've removed the autopublish package, that data will only be received by the user themself. So from a security perspective, this is fine. But you probably don't want each user to receive their own location history.

I'm not sure if that works. As you know, the fields username, emails and profile are automatically published to each user. You can certainly add fields using the approach you cited above, but I'm not sure if you can remove fields.

A solution would be not to place the pos array in the profile but somewhere else.

Anyway, it seems this is not an issue related to this library, but a pure Meteor issue, right?

[rakirox]

Yes indeed, it's a meteor issue. at first I thought it was this library but reading the code couldn't find where it subscribe to this data. So yeah, thanks for your time! I guess I'll leave it like this. as you said

that data will only be received by the user themself. So from a security perspective, this is fine.

Thanks!

[ocram]

... or maybe move that array away from profile into another property. If that array can get lots of entries, you may be sending too much data otherwise.

[rakirox]

but if I do that I would have ti implement and change my meteor client side code of the project. To manage this. Maybe later on.

[ocram]

But you should have the same problem in your JavaScript client-side code, don't you?

The profile.pos array should also be sent to your JavaScript clients. Isn't that the case?