search

nicolaslopezj / roles

The most advanced roles package for meteor
MIT License
87 stars 13 forks source link

Deny rule question #6

Closed zimt28 closed 9 years ago

zimt28 commented 9 years ago

I'm returning true for all allow rules and just using deny. The problem with this approach is, that Roles.deny returns false, if the user doesn't have a role or if the role doesn't have any deny rules registered for the action. How could I fix this?

Edit: Some code:

Mongo.Collection.prototype.registerActions = ->
  Roles.registerAction "#{@_name}.insert", true, false
  Roles.registerAction "#{@_name}.update", true, false
  Roles.registerAction "#{@_name}.remove", true, false

Mongo.Collection.prototype.addAllowRules = ->

  @allow
    insert: (args...) => true
    update: (args...) => true
    remove: (args...) => true

Mongo.Collection.prototype.addDenyRules = ->

  isDenied = (collectionName, mode, args...) ->
    userId = args[0]
    Roles.deny(userId, "#{collectionName}.#{mode}", args...)

  @deny
    insert: (args...) => isDenied(@_name, 'insert', args...)
    update: (args...) => isDenied(@_name, 'update', args...)
    remove: (args...) => isDenied(@_name, 'remove', args...)

App.hooks.add 'collections:on:startup', (collection, name) ->
  collection.registerActions()
  collection.addAllowRules()
  collection.addDenyRules()
nicolaslopezj commented 9 years ago

Use this code instead of your example.

myCollection.attachRoles('collectionName')

If all deny rules return false, and at least one allow returns true, the action will be allowed.

zimt28 commented 9 years ago

All right, just thought about it in a wrong way .. Thanks, was able to fix it by using allow rules as well