Meteor-security for methods?

Question

Meteor-security for methods?

sebakerckhof opened this issue 9 years ago · comments

Hello,

Does something similar exist for methods?
E.g. something like:

permit('METHODNAME').ifLoggedIn().ifCreated().apply();

meaning that the method can only be called if it passes through these checks, each check would then probably need to have the methods parameters somewhere on the scope or on this...

Eric Dobbertin · Answer 1 · Thu Jun 25 2015 22:50:53 GMT+0800 (China Standard Time)

Cool idea. It should be possible to support method security, with lots of monkey-patching of Meteor internals.

@raix created https://github.com/DispatchMe/meteor-restricted-find to pull read security into allow/deny. A similar package could pull method security into allow/deny.

Then there would be a single security layer for Meteor, which ongoworks:security could wrap for a simple chainable API.

ASJ · Answer 2 · Fri Jun 26 2015 04:24:53 GMT+0800 (China Standard Time)

I like the idea of a single security layer with a chainable api. maybe we could extend check like @raix find?

steeve cannon · Answer 3 · Wed Jul 22 2015 22:57:26 GMT+0800 (China Standard Time)

Maybe look at using

https://github.com/matteodem/meteor-easy-security to accomplish this.

It has hooks for methods and you could then call in the hook.

return Roles.userIsInRole(this.userId, [role, roles], group)

Eric Dobbertin · Answer 4 · Tue Oct 06 2015 04:23:19 GMT+0800 (China Standard Time)

Server side support added by 4a4c0ba in 1.3.0. See Readme.