nicolaslopezj / roles

The most advanced roles package for meteor
MIT License
87 stars 13 forks

Multiple allow/deny rules #5

Closed zimt28 closed 9 years ago

zimt28 commented 9 years ago

Thanks for this package, it's great!

At the moment it doesn't seem possible to have multiple allow/deny rules for one action. As an example, if I have multiple deny rules, they will get ignored:

```js
myRole.deny('collection.insert', function () { return true; });
myRole.deny('collection.insert', function () { return true; });
// Insert will pass
```

So it would be great if we could set multiple allow/deny rules. Any opinions?

nicolaslopezj commented 9 years ago

@zimt28 It supports multiple rules.

The problem that you are having is that if any deny rule returns true, the document will not be inserted in any case.

zimt28 commented 9 years ago

Oh, all right.

> if any deny rule returns true the document will not be inserted in any case

This is what I'd expect. However, the moment I defined two deny rules, even if both of them returned true, the document was inserted but shouldn't have been.

nicolaslopezj commented 9 years ago

Did you do this?

https://github.com/nicolaslopezj/roles#helper-for-collections

zimt28 commented 9 years ago

I'm doing that manually and it's basically the same thing... Shouldn't be a problem.


```coffeescript
### Server ###

Mongo.Collection.prototype.registerActions = ->
  Roles.registerAction "#{@_name}.insert", true, false
  Roles.registerAction "#{@_name}.update", true, false
  Roles.registerAction "#{@_name}.remove", true, false

Mongo.Collection.prototype.addAllowRule = ->

  # Allow stage: every insert/update/remove passes here,
  # so access is decided by the deny rules below.
  @allow
    insert: (args...) => true
    update: (args...) => true
    remove: (args...) => true

Mongo.Collection.prototype.addDenyRule = ->

  # Deny stage: delegate to Roles.deny for the "<collection>.<mode>" action.
  isDenied = (collectionName, mode, args...) ->
    userId = args[0]
    Roles.deny(userId, "#{collectionName}.#{mode}", args...)

  @deny
    insert: (args...) => isDenied(@_name, 'insert', args...)
    update: (args...) => isDenied(@_name, 'update', args...)
    remove: (args...) => isDenied(@_name, 'remove', args...)

App.hooks.add 'collections:on:startup', (collection, name) ->
  collection.registerActions()
  collection.addAllowRule()
  collection.addDenyRule()
```

nicolaslopezj commented 9 years ago

Try to do it with the method that is in the docs and tell me if it works

zimt28 commented 9 years ago

Works now. Not sure what it was, but the problem disappeared as I restructured my code. Great package, thanks again!

nicolaslopezj commented 9 years ago

Great!
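
The rule semantics discussed in this thread, as an added example that is not part of the original issue or the roles package's code: a small model in which several allow and deny rules can be registered for one action, any deny rule returning true blocks the write, and otherwise at least one allow rule must return true (the same order Meteor's own `allow`/`deny` uses). The names `RuleSet`, `permits` and `demo` are hypothetical, and the sample document is constructed.

```javascript
// Simplified model with hypothetical names; not the roles package's source.
class RuleSet {
  constructor() {
    this.rules = { allow: new Map(), deny: new Map() };
  }

  // Append, never overwrite: a second rule for the same action keeps the first.
  add(kind, action, fn) {
    const byAction = this.rules[kind];
    if (!byAction.has(action)) byAction.set(action, []);
    byAction.get(action).push(fn);
    return this;
  }
  allow(action, fn) { return this.add('allow', action, fn); }
  deny(action, fn) { return this.add('deny', action, fn); }

  // Deny rules run first: one truthy result blocks the write.
  // Otherwise at least one allow rule must be truthy; no rules means blocked.
  permits(action, ...args) {
    const denied = (this.rules.deny.get(action) || []).some((fn) => fn(...args));
    if (denied) return false;
    return (this.rules.allow.get(action) || []).some((fn) => fn(...args));
  }
}

function demo() {
  const doc = { owner: 'u1', locked: false }; // constructed sample document

  // Two deny rules that both return true, as in the report above.
  const twoDenies = new RuleSet()
    .allow('collection.insert', () => true)
    .deny('collection.insert', () => true)
    .deny('collection.insert', () => true);

  // Two independent deny conditions on the same action.
  const mixed = new RuleSet()
    .allow('collection.insert', () => true)
    .deny('collection.insert', (userId, d) => d.owner !== userId)
    .deny('collection.insert', (userId, d) => d.locked);

  return {
    twoDenies: twoDenies.permits('collection.insert', 'u1', doc),
    ownerUnlocked: mixed.permits('collection.insert', 'u1', doc),
    otherUser: mixed.permits('collection.insert', 'u2', doc),
    ownerLocked: mixed.permits('collection.insert', 'u1', { ...doc, locked: true }),
    noRules: new RuleSet().permits('collection.insert', 'u1', doc),
  };
}
```

A check like `demo()` is useful as a regression test when wiring rules by hand: an insert that passes with a deny rule returning true means the deny stage was never reached for that action.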