Permissions with different groups


#1

Hi

First post here. Been a developer for a long time and have kept my eyes at meteor since 0.4 but it wasn’t until I found angularJS-Meteor last week that I finally got to start using meteor. I’m migrating a personal project that I’m working on from Angular/PHP (Laravel 5) to Angular - Meteor and I’m blown away by the flexibility and possibilities that come with real time sync of data in meteor. Wonderful.

Now to my question, my project involves items that are shared between users who are member of a certain group. I’ve put a ID on the user.profile to know which group a user belong to. Now I want to create sharable items that are owned by a group not a user.
My question is how do I save these items in my db?

There is a function, collection.allow that seems to be the recommended way to control data being saved into a collection, but it seems to be hardcoded to only verify against the userId. My items can be edited by any member of the group so their ownership can not be verified against userId
What is the correct way to save items and be able to set up similar conditions as allow that can check other values than userId?


#2

collection#allow isn’t restricted to userId, it’s a policy function that provides userId as an argument you can use when deciding whether to allow or not the insert/update/remove operation:

collection.allow({

insert: function(userId, doc) {

// you can use the passed doc object to check more fields
// or fetch the user by the userId and check if they belong to the expected group etc
}
});

However, if your insert/update/remove logic is more elaborate and involves various validation or additional data manipulations, I’d advise encapsulating the operation in a Meteor.method

if you still prefer using policy functions, you may want to look into this:

it’s a package which “evolves” from Meteor’s basic policy and lets you write reusable, readable policy rules (at least, in my opinion)


#3

Thanks for the quick help.
I’ll start with using the allow function and then if I need I’ll look into the other options.