Comments (8)
I would think this is due to some kind of access restrictions on the client side updating of the users or roles collections. I'd start debugging by adjusting allow/deny rules and see if that helps.
Personally I don't allow client side updates of those collections at all. Rather I use meteor method calls to control any changes to database collections.
Sent from my phone
On May 14, 2014, at 9:23 AM, Carlo DiCelico [email protected] wrote:
I'm getting the error insert failed: Access denied in Chrome's dev tools whenever I use setUserRoles or addUsersToRoles. They still work, though - my test user is updated correctly every time.
—
Reply to this email directly or view it on GitHub.
from meteor-roles.
Related question: how do you allow users to be able to have roles assigned to them via UI actions (i.e., create a resource and be made the admin of that resource) while simultaneously preventing users from being able to change/assign their own roles via the console?
Also, if you update collections via Meteor method calls, don't you miss out on simulation? And doesn't that essentially just amount to a conventional client/server architecture, obviating the need for Meteor?
Thanks!
from meteor-roles.
Related question: how do you allow users to be able to have
roles assigned to them via UI actions (i.e., create a resource
and be made the admin of that resource) while simultaneously
preventing users from being able to change/assign their own
roles via the console?
I'm not sure how to do that with allow/deny rules on collections. This
seems like an excellent candidate for Meteor methods.
Also, if you update collections via Meteor method calls, don't
you miss out on simulation? And doesn't that essentially just
amount to a conventional client/server architecture, obviating
the need for Meteor?
Meteor methods are also simulated if you allow them to be sent to the
client (ie. don't put the code in server-side only places like a server
folder). My understanding is that Meteor methods are different than
conventional ajax calls in two ways:
- Meteor methods can be simulated
- Meteor methods are executed in a meteor-context aware fiber
For our use case, we actually don't use simulation since we don't want the
client to think they have successfully done something when they actually
haven't. Meteor is still a core piece of technology for our service for
its other benefits, not the least of which is its simple abstraction
regarding the real-time distribution of data.
On Wed, May 14, 2014 at 1:06 PM, Carlo DiCelico [email protected]:
Related question: how do you allow users to be able to have roles assigned
to them via UI actions (i.e., create a resource and be made the admin of
that resource) while simultaneously preventing users from being able to
change/assign their own roles via the console?Also, if you update collections via Meteor method calls, don't you miss
out on simulation? And doesn't that essentially just amount to a
conventional client/server architecture, obviating the need for Meteor?Thanks!
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/40#issuecomment-43108435
.
from meteor-roles.
I'm not sure how to do that with allow/deny rules on collections. This
seems like an excellent candidate for Meteor methods.
I'm not sure I follow. Since insert/update/remove are implemented as Meteor methods, this seems like wrapping a Meteor method in another Meteor method for no good reason. Granted, you can do more than just CRUD in a Meteor method, but you could also just use collection hooks or even just a simple callback passed into insert/update/remove. Plus, if I have a Meteor method that assigns a user as the admin of a resource, since that method is executed in the context of that user, in order to update that user's role, he would still need to be able to update his own role.
At any rate, I think I should at least be able to limit updating a user's role to that user's group only via allow/deny rules, which may be enough.
Thanks again for answering my questions!
from meteor-roles.
I am getting this issue. Why can I not add user to roles client side? As long as I have my allow rules setup it should work
from meteor-roles.
Using allow rules is getting deprecated in Meteor. Create Meteor methods and call roles functions from there.
from meteor-roles.
@mitar Oh really? no more allow deny rules. very interesting. Do you know of any documentation where they provides this update and what will replace it?
from meteor-roles.
See here some information: meteor/meteor#5559
You just do Mongo operations from inside Meteor methods. This is the recommended way.
from meteor-roles.
Related Issues (20)
- v2 - Roles._forwardMigrate() just removes all users from roles HOT 2
- API docs linked to old version of codes HOT 1
- getUsersInRole reactivity? HOT 1
- getScopesForUser is not in documentation HOT 1
- How to run migration script from V1 -> V3 HOT 3
- Exception on subscription: $in needs an array.
- Support new Meteor async API (Meteor 2.8+) HOT 2
- Defaut publication uses only user._id, but no index is created on that field only HOT 2
- cannot add data into role-assignment HOT 3
- Meteor.roleAssignment, error: Property 'roleAssignment' does not exist on type 'typeof Meteor'. HOT 5
- Weird issue with role-assignement.. HOT 2
- Upgrading from 3.4.0 to 3.5.0 introduces 6x node "UnhandledPromiseRejectionWarning: TypeError: Cannot set property 'isCalledFromAsync' of undefined" warnings. HOT 1
- TypeError: Cannot set property 'isCalledFromAsync' of undefined ... HOT 4
- Improve community standards HOT 1
- Add code quality tools HOT 2
- Add selector to Roles.getUsersInRole HOT 2
- forwardMigrate2 tries to drop unset index HOT 1
- Add new function to change scope of existing role assignment HOT 1
- addRolesToParent -> Reset inheritance as unwanted roles may still be connected HOT 1
- Get a list of users with a scope HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from meteor-roles.