Closed yairtal closed 4 years ago
Related to https://github.com/VulcanJS/Vulcan/issues/2542 We need to implement this: https://github.com/VulcanJS/Vulcan/issues/2542#issuecomment-596961794
As far as I understand the issue is that _id
has a specific permission ( a custom function), and field with specific permission are not yet filterable (will always be rejected before filtering can even happen)
True to every field, as I want to give a specific permission (a custom function) to many fields.
If you'll follow this path - permissions.js
-> users.checkFields
-> Users.getReadableFields
you'll notice the last doesn't get document
, so can't check for custom permissions.
When the above runs, the function at
canRead
on the schema, does not get thedocument
as a one of the variables. The problem is that inpermissions.js
,users.checkFields
does not get nor senddocument
, soUsers.getReadableFields
doesn't get document and it never gets to thecanRead
function.I'd like only the producers of this movie to know it's title, so in the schema of the movie I give
title
-canRead: restrictedPermissions
, and inrestrictedPermissions
I'd like to check if the user is the a producer that works in the united states and have copy rights (or whatever), but it's impossible as I don't get the document when this query runs, because inpermissions.js
,users.checkFields
does not get nor senddocument
, soUsers.getReadableFields
doesn't getdocument
.