(Feature request) Ability to provide additional params to "send" method for authorization check and filename generation

[VasilySizov]

Hello,

currently we can pass only a file and a callback:

var uploader = new Slingshot.Upload("myFileUploads");
uploader.send(file, function (error, downloadUrl) {
...
}

So, in server side directive we are not able to check anything rather than userId in authorize and key methods:

Slingshot.createDirective("myFileUploads", Slingshot.S3Storage, {
  ...
  authorize: function () {
    //Deny uploads if user is not logged in.
    if (!this.userId) { return false }
    return true
  },

  key: function (file) {
    var user = Meteor.users.findOne(this.userId);
    return user.username + "/" + file.name;
  }
});

This makes impossible to provide permissions check and filename generation in any advanced scenario, which requires passing any additional parameters.

E.g. we would like to allow a user to attach a file to some entity called 'poject'. So everyone who is also in that project, can access this file as well. The simples way to implement this is 1) to have a permission check that user is in project 2) to generate a filename with project in the path (e.g. /some_project_id_12345/some_file_name12341.jpg).

We could do this the following way:

var uploader = new Slingshot.Upload("myFileUploads");
uploader.send(file, {projectId: 'some_project_id_12345'}, function (error, downloadUrl) {
...
}

and have some kind of check like this:

Slingshot.createDirective("myFileUploads", Slingshot.S3Storage, {
  ...
  authorize: function (params) {
    //Deny uploads if user is not logged in.
    if (!this.userId or !isUserInProject(params.projectId)) { return false }
    return true
  },

  key: function (file, params) {
    return params.projectId + "/" + file.name;
  }
});

If you already have other way to implement such checks, please let me know.

Thank you!

[VasilySizov]

Looks like it has already been implemented with 'metaContext' in Uploader. No worries then. Thanks. :)