Closed IonicaBizau closed 11 years ago
With the new model the roles are still given to the client. They should be filtered in some way (or completely removed) before returning template results to the client.
Probably the super-admin (the one that can edit roles and templates) should see them. The others should not.
The solution to this problem is to configure a query in a role which is dynamically build with user data on each request.
myTemplate.roles["roleId"] = {
access: 1, // 2 | 3
query: {
// field to query: field from user
_id: "_id"
}
}
fixed in d785dca9c080878f7fe85d18d10c695fa00a08d3
New changes are (soon) documented in the readme.
It's great that
getTemplates
was fixed and it will get the templates, checking the permissions of the user (cc #2 ).But, what about
find
with the following crud object?After this request in the response will come all templates (even the basic ones: templates, lists, roles).