Roles - Not checking if userIsInRole()

mauriciord · November 19, 2015, 9:06pm

Hello, i’ve included alanning:roles at my project as in Readme, created the users at server/init.js

//server/init.js

var users = [
      {name:"Normal User",email:"normal@ehnormal.com.br",roles:[]},
      {name:"Usuario Secreto",email:"mauriciord@me.com",roles:['view-secrets']},
      {name:"Usuario Gerenciador",email:"mauricioreattoduarte@gmail.com",roles:['manage-users']},
      {name:"Mauricio",email:"mauricio@thcm.com.br",roles:['admin']}
    ];

    _.each(users, function (user) {
      var id;

      id = Accounts.createUser({
        email: user.email,
        password: "apple1",
        profile: { name: user.name }
      });

      if (user.roles.length > 0) {
        // Need _id of existing user record so this call must come
        // after `Accounts.createUser` or `Accounts.onCreate`
        // Roles.addUsersToRoles(id, user.roles, 'default-group');
        Meteor.users.update({_id: id}, {$set:{'emails.0.verified': true}});
        console.log("usuario criado");
        Roles.addUsersToRoles(id, user.roles, 'default-group');
        //Roles.addUsersToRoles(id, user.roles);
      }
    });

Like said in README too:

 //server/publish.js
Meteor.publish(null, function (){
  return Meteor.roles.find({})
});

But when i try to check User’s permission in routes.js: see all here

// lib/routes.js
var logado = FlowRouter.group({
  name: 'logadoRoutes',
  // se não estiver logado vai para /login
  triggersEnter: [function(context, redirect) {
    console.log('logado grupo');
    if(!Meteor.userId()) {
      FlowRouter.go('login');
    } else {
      return true;
    }
  }]
});

var admin = logado.group({
  prefix: '/admin',
  name: 'adminRoutes',
  triggersEnter: [function(context, redirect) {
    var loggedInUser = Meteor.userId();
    console.log('verificando admin ...');
    if (Roles.userIsInRole(loggedInUser, ['view-secrets', 'admin'], "default-group")) {
      return true;
      console.log('é admin -  rotas');
    }
    console.log('não é admin -  rotas');
    throw new Meteor.Error(403, "Acesso Negado");
  }]
});

I’m trying to check if logged user has an admin permission.
I’ve tried all the ways.
That check returns false, can anyone help me ?
My repository here: https://github.com/mauriciord/thomasicamargo

Best regards,
Mauricio

danjimgar · May 18, 2016, 3:55pm

Interesting… i have the same problem

hwillson · May 18, 2016, 4:21pm

This doesn’t help with the mentioned issue, but it’s worth taking note that Kadira (Flow Router) recommends against handling auth/permission checks in the router. See Meteor Routing Guide - Implementing Auth Logic and Permissions.

danjimgar · May 19, 2016, 6:12am

But… on Iron-router?

Think that is possible to check roles on client (router) ?

Help

hwillson · May 19, 2016, 1:36pm

The template level auth solution I linked to isn’t tied to a specific router, since it happens at the template level (can be used with Iron Router, Flow Router, etc.). With regards to checking roles in Iron Router, yes it’s possible. You just have to make sure that when you call Roles.userIsInRole your application roles have been published to the client first, otherwise the check will always fail. There are different ways to handle this - I haven’t worked with Iron Router in a while but you could look into leveraging the waitOn feature to wait for the roles to publish.

The following should help:

danjimgar · May 20, 2016, 7:04am

Thx a lot guy, the WaitOn was the solution!