Add isInRole to JS API as well #56
Comments
|
That's a great idea! The only caveat would be on the server-side where Any ideas on how to handle that? I guess we could throw an error if |
|
Thanks! It's a good point I guess — but how would you handle this with the |
|
Currently handled by sneakily requiring the programmer to provide the user object (ie, let the programmer worry about it). :-) I think this is actually why I didn't include something like this before, it creates an interface that is inconsistent on the server-side. But I think it makes sense to do it since it would be very useful and Meteor itself has the same inconsistency. Yeah, my thought on the error is to throw it early so programmers can catch it in development. Would you like to start work on this? A pull request would be much appreciated! |
|
Sure I’d like to contribute, but the |
|
@mitar I would close this to avoid any 3rd party dependency. I'd take it rather as they've done it on the accounts-package by creating a new package which depends on this and adds the mentioned functionality. Another approach, which would be easily readable is to use https://github.com/dburles/meteor-collection-helpers like following: // Included on server and client
Meteor.users.helpers({
has(permission, group) {
return Roles.userIsInRole(this._id, permission, group);
},
});Which allows you to use the following code on the client: Meteor.user().has('permission')Maybe there's also a good way to get this into a meteor-method. |
|
Sounds great @SimonSimCity ! |
|
@SimonSimCity Not sure if I understand what you are saying here. You are saying here that:
But then you propose a 3rd party dependency:
The main reason why dependency on this package might be necessary is to get |
|
To be honest, I still don’t understand why But what I think @SimonSimCity is proposing is not to add a 3rd party dependency, but an additional package that adds this 'syntax sugar' to the user collection. Which is also not so easy now I think of it, because So yeah, maybe adding this to the |
|
So we could have a package which adds So I do not care too much if this is part of this package or additional package. Also, the dependency on |
|
Check. One thing I don’t like so much about the
I use this functionality on multiple places in my app (updating |
|
You are right. I do see that package as "best practices" package. And to me allowing any unchecked writes to a database is problematic. You should wrap it into a method and verify what is being updated in |
While I see your point, I think it is up to the developer to make this call. Especially since this is default Meteor behaviour, we shouldn’t force this change upon people just because they want to use the |
A call to make their app insecure?
So this is why it would be a weak dependency. |
It is the same call the Meteor developers made. I think you are exaggerating. And the discussion is beside the point, anyway.
But if you want |
|
Yea, in fact it does not have to be that package anyway, to get it working everywhere. So we do not even have to weak-depend on it. If you would like to extract that logic you like out into a separate package, and then make user-extra depend on that, I am open to that. But let's discuss that in user-extra package's repository. |
StorytellerCZ
added
the
good first issue
|
Looking at current situation I feel that most of the issues have been resolved in newer Meteor versions, so it should be safe to move forward with this. The basic transfer from UI helper to the API in general should not present any problems (hence why I marked this with "good first issue"). |
Something you frequently do in the application, is check if the current user is allowed to access something. As there currently is no shorthand for this in the Javascript API, you have to do something like:
I noticed the UI helper offers a beautiful shortand syntax for this, using the currently logged in user. I think it would make a lot of sense to add this to the API as well, so that one can simply do:
or even better:
The text was updated successfully, but these errors were encountered: