Comments (6)
Hi @warsamebashir ,
You'll need to perform that authorization check on both the server-side and the client-side.
In our app we have two similar checks, one for "email verified" and one for "accepted terms of service". Both live on the user object. On the server, we have an `Auth.authorized` function that takes the name of an action, user credentials, and optional data and dispatches to custom methods for each action. Each meteor call or publish function will first check with Auth before returning data or executing the requested action.
So you would check the user's billing status inside the `authorized` functions as appropriate.
On the client side, we have an `authenticate` filter that runs before most every route and redirects depending on user status. So if a user has logged in but the user's email isn't validated yet, then we redirect them to the Awaiting Validation template instead of the requested page.
Lemme know if that makes sense. If you'd like, you can use the example apps as a test bed and add the billing functionality in there. Send PRs and I'll modify as appropriate. That way I can help you directly and also other people will benefit from the improved examples. :-)
from meteor-roles.
That helps. Do you by chance have an example of the `Auth.authorized` function you are talking about? I would like to see how you have abstracted away something which takes an action, credentials and dispatches. I have been looking for best practices around Meteor as I am finding myself repeating the same checks in several places. THANKS by the way
from meteor-roles.
Yes, I can add it to the examples. We'll need some other simple actions for our authorized users to perform. What do you suggest (emphasis on simple)?
On Fri, Jan 17, 2014 at 10:29 PM, warsamebashir [email protected]:
from meteor-roles.
In my current app, users attempt to check a balance owned by an entity. You have to have completed a form in order to view this balance. Right now, the user's profile is where this field `forms_completed: true | false` is stored. I would like to do client side and server side checks for a route `/view/balance/sheet_1`. Does that make sense?
from meteor-roles.
Security-related things should never be stored in the user's profile since the user can freely modify it. `user.profile` is only intended for use for contact info and user preferences like firstname or favColor.
I'm pretty swamped with work for my startup now so I'd appreciate you starting the update to the example apps. For the first change, here's what I'd suggest:
- Add an `inArrears` field to the user object
- Add a check to the client-side routing to redirect if `inArrears` is true
- Add a check to the server-side publish functions that stops the subscription if the user is `inArrears`

Send me a PR and I'll help out and add in the dispatching `Auth.authorized` function.
from meteor-roles.
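A minimal sketch of the dispatching check discussed in this thread, added here as an example; it is not code from meteor-roles or from any commenter. It runs in plain Node without Meteor, and everything except the names `Auth.authorized`, `inArrears` and `user.profile` (rule names, `emailVerified`, `entityIds`, route paths, sample records) is an assumption.

```javascript
// Added example. Only Auth.authorized, inArrears and user.profile come from the
// thread; every other name and all sample data are constructed for illustration.
const Auth = {
  // One rule per action: (server-side user record, optional data) -> boolean.
  rules: {
    viewBalance: (user, data) =>
      user.emailVerified === true &&
      user.inArrears === false &&            // top-level field, never user.profile
      user.entityIds.includes(data.entityId),
    editAccount: (user, data) => user._id === data.accountId,
  },
  // Fail closed: unknown action, missing user, or a rule that throws all deny.
  authorized(action, user, data = {}) {
    const known = Object.prototype.hasOwnProperty.call(this.rules, action);
    if (!known || !user) return false;
    try {
      return this.rules[action](user, data) === true;
    } catch (err) {
      return false;
    }
  },
};

// Constructed sample records standing in for the server's users collection.
const users = [
  { _id: 'u1', emailVerified: true, inArrears: false, entityIds: ['e1'], profile: {} },
  // u2 has edited the client-writable profile; the server-owned field still says true.
  { _id: 'u2', emailVerified: true, inArrears: true, entityIds: ['e1'],
    profile: { inArrears: false } },
];
const balances = [{ entityId: 'e1', amount: 120 }, { entityId: 'e2', amount: 75 }];

// Stand-in for a publish function body: look the user up by id on the server,
// ask Auth first, and return no documents when the check fails.
function publishBalance(userId, entityId) {
  const user = users.find((u) => u._id === userId);
  if (!Auth.authorized('viewBalance', user, { entityId })) return [];
  return balances.filter((b) => b.entityId === entityId);
}

// Stand-in for the client-side route filter: UX only, the publish check above
// is what actually protects the data.
function routeFor(userId, requested) {
  const user = users.find((u) => u._id === userId);
  if (!user) return '/sign-in';
  if (!user.emailVerified) return '/awaiting-validation';
  return user.inArrears ? '/billing' : requested;
}
```

In a Meteor app the same `Auth.authorized` call would sit at the top of each method and publish function, with the user loaded on the server from the logged-in user id rather than from anything the client sends.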
Thanks, I will clone and update the examples folder for `iron-router`, then send a PR
from meteor-roles.