I'm using meteor ui twitter accounts. What I'm attempting to do is basically delete all the users from the Meteor collection when the button clear is clicked on. This is my code:
HTML File:
<div ng-controller="TweetsCtrl">
<meteor-include src="loginButtons"></meteor-include>
<ul>
<br>
<div ng-repeat="t in twitterAccs">
<img src = "{{t.services.twitter.profile_image_url_https}}">
<br>
<i>@{{t.services.twitter.screenName}}</i>
<br>
<br>
</div>
<button ng-click="clearUsers()">Clear</button>
</ul>
JS File:
if (Meteor.isClient) {
angular.module('twitter-example',['angular-meteor']);
angular.module('twitter-example').controller('TweetsCtrl',['$scope','$meteor',function($scope,$meteor) {
$scope.twitterAccs = $meteor.collection(Meteor.users);
$scope.clearUsers = function () {
$scope.twitterAccs = $meteor.collection(Meteor.users.remove({}) );
console.log("hello");
}
}]);
}
I assume this is only for development purposes right? It would suck to allow a visitor to your site to delete all your users. The fact you have a nice button set up for it has me worried it's a feature!
The easiest way to do it is hook up a Meteor.method like
if (Meteor.isServer) {
Meteor.methods({
clearUsers: function() {
Meteor.users.remove({});
}
});
}
Then do a Meteor.call('clearUsers') where your console.log("hello") is. You can also run the call via the browser console, I do this setup sometimes instead of going directly to the db via the terminal.
You could also do it via allow deny rules (see: http://docs.meteor.com/#/full/allow), by default a rule is setup so a user can only edit their own profile object.
Lastly you could include the meteor package insecure (I assume you must have already removed it) which will allow anyone to edit any collections assuming you haven't set up any of the allow, deny rules mentioned above.