Reputation: 2425
I'm building a CMS, and depending on the user's role, users will be able to edit/update/delete/create different areas, filtered by their role. As in, one user with role 'basic role' can't delete what the user with role 'superuser' can.
What I have at the moment is this:
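Collection.allow({
  // Each rule returns true only when the calling user has profile.role 'admin'.
  // Dot notation matches that one field; {profile: {role: 'admin'}} would
  // require the whole profile subdocument to equal {role: 'admin'} exactly.
  insert: function(userId, collection) {
    return !!Meteor.users.findOne({_id: userId, 'profile.role': 'admin'});
  },
  update: function(userId, collection, fields, modifier) {
    return !!Meteor.users.findOne({_id: userId, 'profile.role': 'admin'});
  },
  remove: function(userId, collection) {
    return !!Meteor.users.findOne({_id: userId, 'profile.role': 'admin'});
  }
});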
Question: Is this the right way to validate users' roles? Are there better ways? What are the best practices for this?
Thanks!
Upvotes: 0
Views: 228
Reputation: 59
You should take a look at the alanning:roles package. It's quite widely used and even mentioned in the Meteor Docs. In addition to roles, it also supports groups.
Upvotes: 2
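An added example, not code from the thread or from alanning:roles: a deny-by-default role-to-operation table wired into the three allow rules from the question. The permission table, helper names and sample users are hypothetical; roles are read from a top-level `roles` array (assumed to be written only by server code) rather than from `profile`, which Meteor lets a user edit from the client by default.

```javascript
// Operations each role may perform; anything not listed is denied.
// Role names 'basic' and 'superuser' come from the question; the table is hypothetical.
const PERMISSIONS = {
  basic: ['insert', 'update'],
  admin: ['insert', 'update', 'remove'],
  superuser: ['insert', 'update', 'remove'],
};

// True only if one of the user's roles grants the operation.
// Only user.roles is consulted; user.profile is ignored on purpose.
function can(user, operation) {
  if (!user || !Array.isArray(user.roles)) return false;
  return user.roles.some((role) =>
    // hasOwnProperty keeps names like 'constructor' from hitting the prototype.
    Object.prototype.hasOwnProperty.call(PERMISSIONS, role) &&
    PERMISSIONS[role].includes(operation));
}

// Builds the object passed to Collection.allow(). findUser is injected so the
// rules can run without Meteor; in an app it would be
// (id) => Meteor.users.findOne(id).
function buildAllowRules(findUser) {
  const rule = (operation) => (userId) =>
    Boolean(userId) && can(findUser(userId), operation);
  return { insert: rule('insert'), update: rule('update'), remove: rule('remove') };
}

// Constructed sample users standing in for Meteor.users.
const USERS = {
  u1: { _id: 'u1', roles: ['basic'], profile: { role: 'superuser' } }, // self-edited profile
  u2: { _id: 'u2', roles: ['superuser'] },
  u3: { _id: 'u3', roles: ['constructor'] }, // unknown role name
};
const rules = buildAllowRules((id) => USERS[id]);

console.log(rules.remove('u1'), rules.remove('u2'), rules.insert(null));
```

In a Meteor app the result of `buildAllowRules` would be passed straight to `Collection.allow(...)`.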