Patterns for protected access to some parts of app without accounts package?


#1

Hello everybody,

this is something which I need for the second time in an app now:

I want to restrict access to some part of the app to users who entered a pin code or some other code or combination.

Is there any pattern for limiting access to specific resources (mostly Methods and Publications) without passing some credentials with every call to a Method or every Subscription as a parameter?

What I’d like to have is something like a user account, but more temporary, without having the users cluttering up my users collection.

So some kind of persistent, authenticated Session between Server and Client per device / connection, without perusing the Users collection?

Does anybody know this - or a similar kind of beast?

Two Examples:
a) a Protected area on the page, where only users with a passcode should be able to peruse the data
b) Somewhat more complicated, but taken from real life: In a game, I want to track all the different players and their positions and data, but I don’t want to create a user for every player - they might not really have accounts, they could be anonymous etc., and I actually want to use the users collection for actual users?

I’m grateful for any answers at all, keep on coding in the free world

Daniel


#2

There are various guest/anonymous user packages on Atmosphere which you can use to keep a kinda “browser cookie” account.


#3

Hi, thank you! That’s a good start at least, looks like artwells:accounts-guest seems to be the go-to-package for the keyword “guest”.

And still I think it’s using the Users collection to create anonymous users? Which I don’t particularly like, e.g. we have a Backend Interface to edit the users. We could probably monkeypatch the Admin interface to ignore the anonymous users, but to me it feels icky to create dummy accounts in the Users collection.

So if there’s a solution which wouldn’t use the Users-collection that’d be nice to know too.
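
One way to build the per-connection session asked about in this thread without writing to the users collection, as an added example that is not from any post above or from any Meteor package. `createGate`, `hashPin` and `SALT` are hypothetical names and the PIN is a constructed sample; wiring it up assumes the server keys the state by Meteor's `this.connection.id` inside Methods and publish functions and calls `drop` from the connection's `onClose` callback.

```javascript
// Added example: unlock state lives in server memory, keyed by connection id.
const crypto = require('node:crypto');

// Constructed sample salt; a real app would load salt and PIN hash from settings.
const SALT = Buffer.from('constructed-sample-salt');
const hashPin = (pin) => crypto.scryptSync(String(pin), SALT, 32);

function createGate({ pinHash, ttlMs = 15 * 60 * 1000, maxAttempts = 5 }) {
  const sessions = new Map(); // connectionId -> { failures, unlockedUntil }

  function entry(id) {
    if (!sessions.has(id)) sessions.set(id, { failures: 0, unlockedUntil: 0 });
    return sessions.get(id);
  }

  return {
    // Call from the "unlock" Method with this.connection.id and the entered PIN.
    unlock(id, pin, now = Date.now()) {
      const s = entry(id);
      // Too many wrong guesses: refuse until the connection state is dropped.
      if (s.failures >= maxAttempts) return false;
      // Both buffers are 32 bytes, so timingSafeEqual cannot throw on length.
      if (!crypto.timingSafeEqual(hashPin(pin), pinHash)) {
        s.failures += 1;
        return false;
      }
      s.failures = 0;
      s.unlockedUntil = now + ttlMs;
      return true;
    },
    // Guard to call first in every protected Method and publish function.
    isUnlocked(id, now = Date.now()) {
      const s = sessions.get(id);
      return Boolean(s) && now < s.unlockedUntil;
    },
    // Call when the connection closes so entries do not accumulate.
    drop(id) {
      sessions.delete(id);
    },
  };
}
```

The failure counter is per connection, so a client can reset it by reconnecting; throttle the unlock Method as well, for example with Meteor's `DDPRateLimiter`. A reconnect also gets a new connection id, so the user has to enter the code again unless the app hands out its own resume token.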