Using User custom fields rather than Roles packages?

Hi everyone,

I have more of a general question about managing admin and roles inside my app. I know the Roles package is very popular and gives a lot of possibilities but sometime, for a small app where more or less there are 2 or 3 different type of user (normal, admin, superAdmin) I tend to simply use a custom field in the User collection.

I add up a User.isAdmin = true or isSuperAdmin = true and I use this to check the rights of users. I then publish it to the user model to have it on client side and of course check the value on server side as well for every publish / method that are admin restricted.

My question is more security related : is this as secure as using the Roles package ? Is their something I am missing with my “simple” solution ?

Thanks a lot for your feedback.

Nothing wrong with it. As long as you do both client and server checks, that is ok.