Could i use meteor-security in meteor method?
thearabbit opened this issue · comments
Yuom Theara commented
Could i use meteor-security in meteor method like this:
Meteor.method({
myMethod: function(roles) {
Posts.permit('remove').ifHasRole({role: roles}).apply();
}
});
And then we call it before insert or after submit.
Eric Dobbertin commented
No it is a substitute for allow/deny, so it applies to client-side insert/update/remove calls only.
John Gonzalez commented
The other hand. Could i use meteor-security in meteor method like this:
// In server/security.js
Posts.permit('remove').ifHasRole('admin').apply();
// In server/methods.js
Meteor.method({
myMethod: function(post) {
Post.insert(post);
}
});
Eric Dobbertin commented
If you add the dispatch:run-as-user package, you can use Meteor.runRestricted
to apply allow/deny rules in server code such as a method:
Meteor.method({
myMethod: function(post) {
Meteor.runRestricted(function() {
Post.insert(post);
});
}
});
I'm also working on an enhancement to this pkg to provide direct server support.