Reputation: 705
Meteor allow/ deny rules
I'm about to set the allow/ deny rules for an application. There are some apps that set both allow and deny rules. Why would I do that? In my opinion it's the same thing. So it doesn't matter if you say "You can delete if you own this document" or "You can't delete if you don't own this document".
So why set both?
Upvotes: 1
Views: 147
Answers (1)
Reputation: 64342
If you have only one allow or deny rule then you are correct - it doesn't matter which one you use. However, if you have multiple rules for the same operation you can express more complex logic.
When evaluating the rules, a decision is reached as follows: If any of the allow callbacks return true, AND none of the deny callbacks return true, then the operation will succeed.
Upvotes: 2
Related Questions
- Meteor - Set the logged in user
- Meteor, Angular, and Allow/Deny
- Custom authentication in Meteor.js
- Meteor.users.allow never fires, but Meteor.users.deny works
- Meteor Collection.allow
- internal server error when defining allow/deny rules with meteor
- Controlling User Access in Meteor
- Meteor: How to detect if users authenticated
- Where should I put allow and deny rules in Meteor.js?
- Meteor JS - allow/deny rules