流星角色包-userIsInRole始终返回false
[英]Meteor Roles package - userIsInRole always returns false
问题描述
I want to have a filter on routing level, checking if the user is in a specific role. 
我希望在路由级别上有一个过滤器,检查用户是否处于特定角色。
this.route('gamePage', {
path: '/game/:slug/',
onBeforeAction: teamFilter,
waitOn: function() { return […]; },
data: function() { return Games.findOne({slug: this.params.slug}); }
});
Here is my filter: 这是我的过滤器:
var teamFilter = function(pause) {
if (Meteor.user()) {
Meteor.call('checkPermission', this.params.slug, Meteor.userId(), function(error, result) {
if (error) {
throwError(error.reason, error.details);
return null;
}
console.log(result); // returns always false
if (!result) {
this.render('noAccess');
pause();
}
});
}
}
In my collection: 在我的收藏中:
checkPermission: function(gameSlug, userId) {
if (serverVar) { // only executed on the server
var game = Games.findOne({slug: gameSlug});
if (game) {
if (!Roles.userIsInRole(userId, game._id, ['administrator', 'team'])) {
return false;
} else {
return true;
}
}
}
}
My first problem is that Roles.userIsInRole(userId, game._id, ['administrator', 'team'] always returns false. At first, I had this code in my router.js , but then I thought that it does not work because of a missing publication/subscription, so I ensured that the code runs only on the server. I checked the database and the user is in the role. 我的第一个问题是Roles.userIsInRole(userId, game._id, ['administrator', 'team']始终返回false。起初,我在router.js有此代码,但后来我认为它不起作用由于缺少发布/订阅,因此我确保代码仅在服务器上运行。我检查了数据库,并确定用户是该角色。
My second problem is that I get an exception ( Exception in delivering result of invoking 'checkPermission': http://localhost:3000/lib/router.js?77b3b67967715e480a1ce463f3447ec61898e7d5:14:28 ) at this point: this.render('noAccess'); 我的第二个问题是,我现在收到一个异常( Exception in delivering result of invoking 'checkPermission': http://localhost:3000/lib/router.js?77b3b67967715e480a1ce463f3447ec61898e7d5:14:28 ): this.render('noAccess'); and I don't know why. 我不知道为什么。
I already read this: meteor Roles.userIsInRole() always returning false but it didn't solve my problem. 我已经读过这篇文章: 流星Roles.userIsInRole()总是返回false,但是并不能解决我的问题。
Any help would be greatly appreciated. 任何帮助将不胜感激。
2 个解决方案
解决方案1
1 2014-09-10 12:58:37
In teamFilter hook you call Meteor.method checkPermission which works asynchronously and OnBeforeAction expects synchronous execution ( no callbacks ). 在teamFilter挂钩中,您调用Meteor.method checkPermission ,它异步工作,并且OnBeforeAction期望同步执行(没有回调)。 That is why you always receive false. 这就是为什么您总是收到错误的原因。
Another thing is that you are using Roles.userIsInRole incorrectly: 另一件事是您错误地使用了Roles.userIsInRole :
Should be: 应该:
Roles.userIsInRole(this.userId, ['view-secrets','admin'], group)
In this case I would check roles on client side: 在这种情况下,我将在客户端检查角色:
Roles.userIsInRole(userId, ['administrator', 'team'])
Probably you are worried about security with this solution. 您可能担心此解决方案的安全性。 I don't think you should. 我不认为你应该。 What is the most important is data and data is protected by publish function which should check the roles. 最重要的是数据,并且数据受发布功能保护,该功能应检查角色。
Please note that all templates are accessible to client. 请注意,客户端可以访问所有模板。
解决方案2
0 2017-07-12 09:54:36
You can add roles to the user only on server for that you can user Meteor.call({}); 您只能为服务器上的用户添加角色,因为您可以使用Meteor.call({});。 check here method from client to call method on server's main.js and you can check after this method call if the role is added in users collection using meteor mongo and db.users.find({}).pretty() and see if the roles array is added the user of that usedId then you can use Roles.userIsInRole() function anywhere on client to check loggedin users role. 在客户端main上检查此处的方法到服务器main.js上的调用方法,您可以在此方法调用之后检查是否使用流星mongo和db.users.find({})。pretty()将角色添加到用户集合中,并查看是否如果将角色数组添加到该usedId的用户,则可以在客户端上的任何位置使用Roles.userIsInRole()函数来检查已登录的用户角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.