I have more of a general question about managing admin and roles inside my app. I know the Roles package is very popular and gives a lot of possibilities, but sometimes, for a small app where there are more or less 2 or 3 different types of user (normal, admin, superAdmin), I tend to simply use a custom field in the User collection.
I add a User.isAdmin = true or isSuperAdmin = true and I use this to check the rights of users. I then publish it to the user model to have it on the client side and of course check the value on the server side as well for every publish / method that is admin restricted.
My question is more security related: is this as secure as using the Roles package? Is there something I am missing with my “simple” solution?
Thanks a lot for your feedback.