Meteor - Deny read?

Question

How do you deny reads of a collection in meteor?

There is no allow/deny method for this and you can't do it in the collection publish filter since it only runs once. I'm shocked, I thought it would just make sense that a template could render blank if you denied a read.

Meteor looks like it works fine in a website with a single type of user but how do I segregate data more for reading?

Answer 1

My answer is for deny read operations on collections:

There is no official solution for this AFAIK,but I think there is a community package for that

try

meteor add matb33:collection-hooks

link to the package on atmosphere https://atmospherejs.com/matb33/collection-hooks

From the page

Extends Mongo.Collection with before/after hooks for insert/update/remove/find/find

Copy pasted some example codes from github

.before.find(userId, selector, options)
.after.find(userId, selector, options, cursor)
.before.findOne(userId, selector, options)
.after.findOne(userId, selector, options, doc)

Answer 2

You can call .stop() in your publish callback function after checking the user role

There is an example here. https://github.com/alanning/meteor-roles#usage-examples

Meteor.publish('secrets', function (group) {
  if (Roles.userIsInRole(this.userId, ['view-secrets','admin'], group)) {

    return Meteor.secrets.find({group: group});

  } else {

    // user not authorized. do not publish secrets
    this.stop();
    return;

  }
});

I found this answer after quite a bit of googling. Hopefully this helps other people. I still find it odd that you can't just define a read property on allow or deny and achieve the same behavior.