Can you use the email as admin access? If so, can I safely use it on the client with Meteor.user().emails[0].address == 'my_email'?
- never trust the client
- there is a roles package which is suitable for this case: https://github.com/alanning/meteor-roles
I’ve seen that but might be a bit overkill for my needs. Thought I just could do a simple thing only for me using the email address.
There are some aspects you have to consider (no matter if you do a simple email check or using the roles-package):
- prevent non-admin-users from seeing admin-ui (can be done on the client)
- prevent non-admin-users from seeing admin-only-data (has to be done on the server (in publications))
- prevent non-admin-users from manipulating admin-only-data (has to be done on the server (in methods))
So you can check if a user is an admin by checking his email, but you have to do this not only on the client.
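The publication and method checks from the list above, as an added example that is not code from the thread. `ADMIN_EMAIL`, the `adminData` collection and the function names are hypothetical; the wiring assumes Meteor 2.x's synchronous server API, the `Mongo` global, and that email verification is enabled.

```javascript
// Added example, not from the thread. ADMIN_EMAIL, adminData and the
// function names are hypothetical; the address is a constructed placeholder.
const ADMIN_EMAIL = 'admin@example.com';
const Err = typeof Meteor !== 'undefined' ? Meteor.Error : Error;

// Admin test on a user document as stored in Meteor.users. Only a verified
// address counts (assumes the app has email verification enabled).
function isAdmin(user) {
  const emails = (user && user.emails) || [];
  return emails.some((e) => e.verified === true &&
    typeof e.address === 'string' &&
    e.address.toLowerCase() === ADMIN_EMAIL);
}

// Publication handler: anyone but the admin gets an empty, ready subscription.
function publishAdminData(findUser, getCursor) {
  return function () {
    const user = this.userId ? findUser(this.userId) : null;
    return isAdmin(user) ? getCursor() : this.ready();
  };
}

// Method handler: the check runs on the server before the action does.
function adminMethod(findUser, action) {
  return function (...args) {
    const user = this.userId ? findUser(this.userId) : null;
    if (!isAdmin(user)) throw new Err('not-authorized');
    return action(...args);
  };
}

// Wiring on a Meteor server; skipped when the file is run outside Meteor.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  const AdminData = new Mongo.Collection('adminData');
  const findUser = (id) => Meteor.users.findOne(id);
  Meteor.publish('adminData',
    publishAdminData(findUser, () => AdminData.find()));
  Meteor.methods({
    removeAdminItem: adminMethod(findUser, (id) => AdminData.remove(id)),
  });
}
```

With these in place, the client-side email comparison only decides whether the admin UI is rendered; it grants no access to data.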
you can just make a secret code and whenever a method is called with that in the parameters, it runs