Reputation: 1486
How do you deny reads of a collection in meteor?
There is no allow/deny method for this and you can't do it in the collection publish filter since it only runs once. I'm shocked, I thought it would just make sense that a template could render blank if you denied a read.
Meteor looks like it works fine in a website with a single type of user but how do I segregate data more for reading?
Upvotes: 1
Views: 81
Reputation: 3043
My answer is for deny read operations on collections:
There is no official solution for this AFAIK,but I think there is a community package for that
try
meteor add matb33:collection-hooks
link to the package on atmosphere https://atmospherejs.com/matb33/collection-hooks
From the page
Extends Mongo.Collection with before/after hooks for insert/update/remove/find/find
Copy pasted some example codes from github
.before.find(userId, selector, options)
.after.find(userId, selector, options, cursor)
.before.findOne(userId, selector, options)
.after.findOne(userId, selector, options, doc)
Upvotes: 0
Reputation: 1486
You can call .stop() in your publish callback function after checking the user role
There is an example here. https://github.com/alanning/meteor-roles#usage-examples
Meteor.publish('secrets', function (group) {
if (Roles.userIsInRole(this.userId, ['view-secrets','admin'], group)) {
return Meteor.secrets.find({group: group});
} else {
// user not authorized. do not publish secrets
this.stop();
return;
}
});
I found this answer after quite a bit of googling. Hopefully this helps other people. I still find it odd that you can't just define a read property on allow or deny and achieve the same behavior.
Upvotes: 3