nicolaslopezj / roles

The most advanced roles package for meteor
MIT License

Publish example #4

Closed yathit closed 8 years ago

yathit commented 9 years ago

Hi Nicolas,

Thanks for the beautiful library. We are migrating from alanning:roles. Since we have been using roles heavily, we want to make an in-place migration.

One thing I cannot figure out is an efficient way to publish roles. You have a publishing example in the last part of your readme file for publishing [Posts] roles. Our use case is more complex, such that we need a collection of [Posts] keys, rather than pulling out by a single [userId]. I would greatly appreciate it if you could show more examples for such a use case.

Thanks again for the great library.

gam-ragnar commented 9 years ago

Orion relies on https://atmospherejs.com/reywood/publish-composite for publications; they have detailed documentation there.

nicolaslopezj commented 9 years ago

@timfam I think this question is not about orion.

This roles package introduces a new way of thinking about roles. It makes you think first about actions and then define the different responses for each role to that action.

@yathit, I would be honored to help you, but I need more details. The more details you give, the better the solution I can give you.

yathit commented 9 years ago

@timfam Thanks.

I have created a branch in the repo for our logic details. It is a typical permission setup for most SaaS.

Thanks for your quote, which did not stand out as an important concept at first when reviewing your package. But we take it wholeheartedly and believe it is a good pattern. Please see roles and permissions.

The most complex is publishing collections. Our objects are hierarchical (Organization -> Project -> Canvas -> Square) and their permissions are typical with some extra.

Canvas object has extra permission for ad-hoc collaborators outside of parent Project.

The Square object has extra permission for Guest (Role) outside of the parent Canvas. For a public Canvas project, a Guest can create squares in the canvas and assume full permission on its one square.

There are some unresolved cases:

  1. A Canvas is shared publicly but changed to private later. What is the permission of the guest-created square?
  2. How to publish squares for a Guest. There will be a lot of publicly accessible, but hidden-link, Canvases. We do not want to publish their Squares, but publish on demand when a guest user finds one.

nicolaslopezj commented 9 years ago

1.- If the canvas is public, you can set an isPublic: true attribute on the document. Then, in the publication, check if the canvas is public; if it is, just return the cursor.

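```js
Meteor.publish('canvas', function (canvasId) {
  // Only accept a plain string id, never a selector object.
  check(canvasId, String);

  var canvas = Canvas.findOne(canvasId);

  // Unknown canvas: publish nothing.
  if (!canvas) {
    return [];
  }

  if (canvas.isPublic) {
    // Public canvases are published to everyone, including guests.
    return Canvas.find(canvasId);
  } else {
    // Private canvases require the 'canvas.read' permission on this document.
    if (Roles.userHasPermission(this.userId, 'canvas.read', canvas)) {
      return Canvas.find(canvasId);
    } else {
      return [];
    }
  }
});
```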

2.- Just send the publication without checking

```js
Meteor.publish('square', function (squareId) {
  check(squareId, String);
  return Square.find(squareId);
});
```
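
A stricter variant of the `square` publication, as an added example that is not code from this thread or from the roles package: it re-checks the parent canvas on every subscription, which also covers a canvas that was public and later made private. Assumptions: each square stores a `canvasId` field, guests lose access to squares once the canvas goes private (one possible policy), and `makeSquarePublisher` is a hypothetical helper that receives the collections and `Roles` as arguments so the logic can run outside Meteor.

```javascript
// Added example: publish a square only while its parent canvas is readable.
// Hypothetical names: makeSquarePublisher, the `canvasId` field on squares.
// Only Roles.userHasPermission(userId, 'canvas.read', canvas) comes from the thread.
function makeSquarePublisher({ Canvas, Square, Roles }) {
  return function publishSquare(squareId) {
    // Equivalent of check(squareId, String): refuse selector objects
    // such as { $ne: null } that would match every square.
    if (typeof squareId !== 'string' || squareId.length === 0) {
      return [];
    }

    const square = Square.findOne(squareId);
    if (!square) {
      return [];
    }

    // Visibility is inherited from the parent canvas and evaluated at
    // subscribe time, so flipping isPublic to false takes effect on the
    // next subscription, including for squares a guest created earlier.
    const canvas = Canvas.findOne(square.canvasId);
    if (!canvas) {
      return []; // orphaned square: never publish
    }

    const userId = this.userId; // null or undefined for a guest
    const allowed =
      canvas.isPublic === true ||
      (Boolean(userId) &&
        Roles.userHasPermission(userId, 'canvas.read', canvas));

    return allowed ? Square.find(squareId) : [];
  };
}

// Meteor wiring (server side), assuming the collections from the thread:
// Meteor.publish('square', makeSquarePublisher({ Canvas, Square, Roles }));
```

With this shape, knowing a `squareId` is not enough on its own: the decision follows the canvas document's current `isPublic` value and the user's `canvas.read` permission.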