Comments (7)
The calls to Roles have to come after onCreate completes; until then there is no user record for Roles to update.
There's a bit more about it here, as well as a link to an SO question about it: https://github.com/alanning/meteor-roles/blob/master/README.md#usage
On Aug 12, 2014, at 6:55 AM, bitomule [email protected] wrote:
I want to set user Roles inside onCreateUser and it doesn't work. I have:
Roles.setUserRoles(user, 'admin', 'tesgroup');
console.log(Roles.userIsInRole(user,'admin','tesgroup'));
And it's always false. Any ideas on this?—
Reply to this email directly or view it on GitHub.
from meteor-roles.
Thanks @alanning , I'll try to expose my problem, maybe you can help me:
On register form I add some extra data as that user register form can include creating a group or not. That group is created inside onCreate and I want to add roles for that group inside onCreate.
If that's not possible, how can I add roles in server to that user and that group?
User's doesn't keep a reference to the group. The only place where that info is available is inside onCreate or in client and I don't want to allow client to add roles.
from meteor-roles.
Not sure the specifics of what you're doing but I'd suggest a Meteor method that performs the actual user creation and setup.
The 'server' section of https://github.com/alanning/meteor-roles#usage has a similar example to what your Meteor method would do: users are created using Accounts.createUser
and then permissions are added with Roles
.
from meteor-roles.
And is it possible to add group and roles to the user object? I can add roles using:
user.roles = ['role1']
Can I add a role to a group with something like that? I've tried:
user.roles['group'] = ['role1']
but it donesn't work.
Creating account server side is a bad idea as I have to send user password without any security to the server, no?
from meteor-roles.
You can manually do the same thing that the Roles package does and modify the user object. This explains the structure: https://github.com/alanning/meteor-roles/blob/master/README.md#changes-to-default-meteor-behavior Just be sure to save the user object back to the db or else it won't persist.
Anything done on the client-side is insecure because the client-side code executes on machines outside of your control and they can change it however they want. The server-side code is secure because you control the execution of code and manage access to resources (like the database).
All communications between the client and server need to be via SSL or else you don't know whether a 3rd-party has intercepted and/or modified the data or not. I'd recommend reading up on how application security works on the web. This may be a good place to start: https://www.owasp.org/index.php/Getting_Started
from meteor-roles.
Thanks @alanning ,
we're going to use SSL too, of course. I have finally solved setting user data manually:
user.roles = {};
user.roles['_' + options.groupId] = ['admin'];
And I create the roles on Meteor startup.
from meteor-roles.
Cool! Glad you got it working.
from meteor-roles.
Related Issues (20)
- Support new Meteor async API (Meteor 2.8+) HOT 2
- Defaut publication uses only user._id, but no index is created on that field only HOT 2
- cannot add data into role-assignment HOT 3
- Meteor.roleAssignment, error: Property 'roleAssignment' does not exist on type 'typeof Meteor'. HOT 5
- Weird issue with role-assignement.. HOT 2
- Upgrading from 3.4.0 to 3.5.0 introduces 6x node "UnhandledPromiseRejectionWarning: TypeError: Cannot set property 'isCalledFromAsync' of undefined" warnings. HOT 1
- TypeError: Cannot set property 'isCalledFromAsync' of undefined ... HOT 4
- Improve community standards HOT 1
- Add code quality tools HOT 2
- Add selector to Roles.getUsersInRole HOT 2
- forwardMigrate2 tries to drop unset index HOT 1
- Add new function to change scope of existing role assignment HOT 1
- addRolesToParent -> Reset inheritance as unwanted roles may still be connected HOT 1
- Get a list of users with a scope HOT 13
- api docs still show v.3.4.0 in upper right corner HOT 1
- Not async? HOT 3
- Dependency on old [email protected] (need v3.0.0-rc300.1) HOT 3
- Roles.createRole is not a function (alanning:[email protected]) HOT 4
- Alpha 3 not compatible with Meteor 3 rc2 HOT 3
- Example app with selectable permissions HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from meteor-roles.