Hello everyone.
I am using alanning:roles package to manage permissions. So checking roles in every publication seems to be annoying.
Is there any package that allows to use publications in regular way, but under the hood check permissions from dedicated collection to this.userId to subscribe to certain publication?
How many different publications do you have?
Hmm…>30 and count grows. I wasn’t pretty honest. We’ve already have that collection with permissions and an ugly function that we have to run in every publication. So…
@sashko am I too brazen with my requirements?
Haha no, just wondering what you mean when you say annoying. 30 is a lot, I agree.
If you’re going to have the same security rules, why not define a wrapper function for your publications? For example:
function myAuthorizedPublish(name, handler) {
Meteor.publish(name, function(...args) {
doPermissionsCheck(this);
handler.apply(this, args);
});
}
No Meteor features or packages required! And you can add whatever options you need to the wrapper.
I’ll send reference to this discussion to my team.
@sashko, thank you. Great to have feedback from Meteor developer.
How easily can we switch between mongodb users in our app?
Is it possible to have two connections to the same db and switch as needed?
With Collection-Level Access Control on mongoDB 3.0 it would be nice to be able to use a role based access control on database level.
nice technique. I’ve been working hard on drying up my code considerably with meteor - most of my modules now use only one publish function with a fairly robust query and option managing mechanism, and this is another nice approach to cleaning things up. cheers.
there is also another approach
looks interesting