Why do i not get through to my Meteor.method on the server?

Question

I'm trying to add a url to the logged in users collection. My final goal at least is to be able to add a field e.g {profilePicture: 'http://randompic.com/123.png'}

What i've tried so far is:

<template name="profile">
  <h1>My Profile</h1>
  <form class="form-inline"action="">
    <label for="url"></label>
    <input class="input input-large" type="url" name="url" placeholder="URL for you image..." id="url">
    <button class="btn btn-success submit">Update profile picture</button>
  </form>
</template>

When the user will press the Update profile picture -button i send it to this helper function:

Template.profile.events({
  'click .submit': function (evt, tmpl) {
    var userid = Meteor.userId();
    var url = tmpl.find('#url').value;
    var options = {_id: userid, profilePicture: url};
    Meteor.call('addToProfile', options);
  }
});

I have tried to alert out option._id and options.profilePicture and i have that data availble. Now when i pass it along to my server.js file i get no output of my alert:

Meteor.methods({
  'addToProfile': function(options) {

  //Not even this alert will show.. 

    alert(options._id);    Edit: console.log() works on the server thought.
  } 
})

So that is my first issue.

The second problem (to come) is that i don't know how to update/add to the users collection with this profilePicture data. Would really appreciate if someone could contribute with a small example of that part.

Answer 1

Based on the comments everything seems to be functioning as expected. It appears that you are just trying to update some user data on the client. Since you have the insecure package removed you need to validate the updates on the server (that the client requests), this is how you would do that:

// only applies to client requests
Meteor.users.allow({
    // validation for user inserts
    insert: function ( userId, doc ) {

        // perform any checks on data that you want to perform, like checking to see if the current user is an admin.

        // this check just requests that a user be logged in
        return userId;
    }
    , 
    // is your validation for user updates
    update: function ( userId, doc, fields, modifier ) {

        // again, perform any validation you want. A typical check is to make sure they didn't add any extra fields.

        // this makes sure a user is logged in and that they are only attempting to update themself
        return userId === doc._id;
    }
});

There are some more thorough examples in the docs. Now you can just call update like you normally would and rely on the server to perform any validation!