2

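I have a user profile view where users can edit their profile information. Everything below works fine and the update succeeds. However, when I log out of the account and log in with a different user account, the update fails and returns an Access denied error. It isn't until I refresh the page that I can edit the profile information again with the second account.

I know this situation is very rare, and users normally wouldn't log out of one account, log in with another, and try to update their profile, but I'd like to better understand why this happens. Is the client-side token not refreshed when the user logs out, or is something else being retained that requires a full page reload?

On the client JS: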

Template.user_profile_form.events({
    'click #submit_profile_btn': function(evt) {
        evt.preventDefault();
        var first_name = $('#profile_first_name').val()
            ,last_name = $('#profile_last_name').val()
            ,email = $('#profile_email').val()
            ,email_lower_case = email.toLowerCase()
            ,gravatar_hash = CryptoJS.MD5(email_lower_case)
        ;

        gravatar_hash = gravatar_hash.toString(CryptoJS.enc.Hex);

        // TODO need to create user sessions so that when you log out and log back in, you have a fresh session
        Meteor.users.update({_id: this.userId }, {
            $set: {
                profile: {
                    first_name: first_name,
                    last_name: last_name,
                    gravatar_hash: gravatar_hash
                }
            }
        }, function(error) {
            if (!error) {
                Session.set('profile_edit', 'success');
                Meteor.setTimeout(function() {
                    Session.set('profile_edit', null);
                }, 3000);
            } else {
                Session.set('profile_edit', 'error');
                Template.user_profile_form.error_message = function() {
                    return error.reason;
                };
            }
        });

        Meteor.call('changeEmail', email);
    }
});

Server JS:

Meteor.publish('list-all-users', function () {
    return Meteor.users.find({_id: this.userId }, {
        fields: {
            profile: 1,
            emails: 1
        }
    });
});

Meteor.methods({
    sendEmail: function(to, from, subject, text) {
        this.unblock();

        Email.send({
            to: to,
            from: from,
            subject: subject,
            text: text
        });
    },
    changeEmail: function(newEmail) {
        // TODO Need to validate that new e-mail does not already exist
        Meteor.users.update(Meteor.userId(), {
            $set: {
                emails: [{
                    address: newEmail,
                    verified: false
                }]
            }
        });
     }
});

Template:

<template name="user_profile_form">
    <h2>Update Profile</h2>
    <div id="profile-form">
        {{#if success}}
            <div class="alert alert-success">
                <strong>Profile updated!</strong> Your profile has been successfully updated.
            </div>
        {{/if}}
        {{#if error}}
            <div class="alert alert-error">
                <strong>Uh oh!</strong> Something went wrong and your profile was not updated. {{error_message}}.
            </div>
        {{/if}}
        <p>
            {{#each profile}}
            <input type="text" id="profile_first_name" placeholder="First Name" value="{{first_name}}">
            <input type="text" id="profile_last_name" placeholder="Last Name" value="{{last_name}}">
            {{/each}}
            <input type="email" id="profile_email" placeholder="Email" value="{{email_address}}">
        </p>
    </div>
    <div id="submit-btn">
        <input type="submit" id="submit_profile_btn" class="btn btn-primary">
    </div>
</template>

2 Answers

2

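The Meteor logout function does almost nothing. It certainly doesn't tear down the Session state or the rest of your app. Your code must reset these variables during your app's logout event. Manually refreshing the page causes the client-side JavaScript to reload, which clears the existing Session data.

Answered 2013-01-16T13:13:21.700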
0

If you don't want to mess with the accounts-ui template internals, you can use the following pattern (CoffeeScript code) from Session

Deps.autorun (c) ->
  user = Meteor.user()
  if user
    # Setup code on login (if required)
  else if not user
    # Clear session on logout
    Session.set "profile_edit", undefined
Answered 2013-09-22T13:03:14.390
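
The behaviour both answers describe, as an added example that is not code from the question or from either answer: a plain-JavaScript model (no Meteor APIs) of client state that survives a logout, and of a reset hook tied to identity changes. The store, the auth object, the key names `editing_user_id` and `profile_edit` as per-user keys, and the ownership check are assumptions made for illustration.

```javascript
// Hypothetical stand-in for a client-side key/value store such as Session.
function createStore() {
  const data = new Map();
  return { set: (k, v) => data.set(k, v), get: (k) => data.get(k) };
}

// Hypothetical auth object: holds the current user id, notifies on change.
function createAuth() {
  let userId = null;
  const listeners = [];
  const change = (next) => {
    const prev = userId;
    userId = next;
    if (prev !== next) listeners.forEach((fn) => fn(next, prev));
  };
  return {
    userId: () => userId,
    login: (id) => change(id),
    logout: () => change(null),
    onChange: (fn) => listeners.push(fn),
  };
}

// Reset every per-user key whenever the logged-in identity changes.
function clearOnIdentityChange(auth, store, perUserKeys) {
  auth.onChange(() => perUserKeys.forEach((k) => store.set(k, undefined)));
}

// Ownership check as a server would apply it: compare the authenticated
// user id with the document being written, never a client-cached id.
function canUpdateProfile(authenticatedUserId, targetDocId) {
  return authenticatedUserId !== null && authenticatedUserId === targetDocId;
}

// Constructed scenario: alice edits, logs out, bob logs in without a reload.
function switchAccounts(withReset) {
  const auth = createAuth();
  const store = createStore();
  const perUserKeys = ['editing_user_id', 'profile_edit']; // assumed key names
  if (withReset) clearOnIdentityChange(auth, store, perUserKeys);
  auth.login('alice');
  store.set('editing_user_id', auth.userId());
  store.set('profile_edit', 'success');
  auth.logout();
  auth.login('bob');
  // The client prefers its cached id and falls back to the current user.
  const target = store.get('editing_user_id') || auth.userId();
  const allowed = canUpdateProfile(auth.userId(), target);
  return { target, allowed, banner: store.get('profile_edit') };
}
```

Without the reset hook the second user's write targets the first user's document and the ownership check refuses it; with the hook the stale keys are gone before the second login completes.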