How to add 2 level user authentication to Meteor application

For a Meteor app I am writing, I want to have two levels of user authentication. On the first level, the user will log in to a group using a username and password (which is shared amongst many people who belong to the group). On the second level, the user will log in to their own personal account that is within the said group using their email and password.

I already have a system developed for getting a user to sign in to their personal account (using email/password), but I am confused as to how to add a feature so that each user belongs to a specific group.

A similar example would be a login system like Slack's, where you log in with the group name, then sign in to your profile. If authenticated (i.e. your credentials say your email/password is correct and you belong to the group), you can start using the application.

I feel as though the solution is very simple. I tried to use the accounts-ui element {{> loginButtons}}, but it only worked on the second level (it could only log the user into their profile, and could not have users log into different groups).

I think my problem may be where I am inserting the said element, or it may be that Meteor doesn't allow you to use multiple instances of user authentication.

I am looking for some clarification on my problem, any help would be greatly appreciated!

Just as someone already recommended, alanning:roles is the best way to manage user rights. Group permissions are just another way to look at user roles.

Some copy-paste code for anyone who comes looking:

if (Roles.userIsInRole(userId, ['llama', 'admin'], Roles.GLOBAL_GROUP)) {
  // Do something with privileges
} else {
  // No privileges
}

Secure publishing to only users in admin role:

// Inside a Meteor.publish handler, where this.userId is the subscribing user
if (Roles.userIsInRole(this.userId, ['admin'], Roles.GLOBAL_GROUP)) {
    return SomeCollection.find({}); // Publish all fields
} else {
    return SomeCollection.find({}, {
        fields: { // Only return public fields
            'name': true
        }
    });
}

Restrict the publication of roles collection itself to only users in admin role:

Meteor.publish("roles", function() {
    if (Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
        return Meteor.roles.find({});
    } else {
        this.ready();
    }
});

Add/remove user to/from a role:

Meteor.methods({
  // Add a user to a role. Roles can be an array. Only admins may call this.
  addRoleToUser: function(userId, roles) {
    if (Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
      // Grant to the target userId, not to the caller (this.userId)
      Roles.addUsersToRoles(userId, roles, Roles.GLOBAL_GROUP);
    }
  },

  // Remove a user from a role. Only admins may call this.
  removeRoleFromUser: function(userId, roles) {
    if (Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
      Roles.removeUsersFromRoles(userId, roles, Roles.GLOBAL_GROUP);
    }
  }
});
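
An added example, not part of the original answer and not the alanning:roles code: a plain-JavaScript model of group-scoped role checks, showing the group-membership gate the question asks for and a role-granting method that acts only on the target user and cannot cross groups. The user ids, group names, the `member` and `group-admin` roles, the group-name rule and the functions `rolesIn` and `canUseGroup` are assumptions made for illustration.

```javascript
// Simplified in-memory model of group-scoped roles; not the alanning:roles source.
const GLOBAL_GROUP = '__global_roles__'; // stands in for Roles.GLOBAL_GROUP
const GROUP_NAME = /^[a-z0-9-]{1,64}$/i; // assumed naming rule; also excludes GLOBAL_GROUP
const GRANTABLE = ['member', 'group-admin']; // 'admin' is deliberately not grantable here

// Constructed sample users; roles are kept per group as { group: [roles] }.
const users = new Map([
  ['u1', { roles: { [GLOBAL_GROUP]: ['admin'] } }],
  ['u2', { roles: { acme: ['group-admin'] } }],
  ['u3', { roles: { acme: ['member'] } }],
  ['u4', { roles: { initech: ['member'] } }],
]);

// Own-property lookup so a group named "constructor" cannot hit Object.prototype.
function rolesIn(user, group) {
  return Object.prototype.hasOwnProperty.call(user.roles, group) ? user.roles[group] : [];
}

// True if the user holds any wanted role in `group` or globally.
function userIsInRole(userId, roles, group) {
  const user = users.get(userId);
  if (!user) return false;
  const held = [...rolesIn(user, group), ...rolesIn(user, GLOBAL_GROUP)];
  return [].concat(roles).some((r) => held.includes(r));
}

// Hypothetical method body; callerId plays the part of this.userId.
function addRoleToUser(callerId, targetId, roles, group) {
  const wanted = [].concat(roles);
  if (typeof group !== 'string' || !GROUP_NAME.test(group)) return 'bad-group';
  if (!userIsInRole(callerId, ['admin', 'group-admin'], group)) return 'not-authorized';
  if (!wanted.every((r) => GRANTABLE.includes(r))) return 'role-not-grantable';
  const target = users.get(targetId); // the target, never the caller
  if (!target) return 'no-such-user';
  target.roles[group] = [...new Set([...rolesIn(target, group), ...wanted])];
  return 'ok';
}

// Second-level gate from the question: signed in AND a member of the group.
function canUseGroup(userId, group) {
  return userIsInRole(userId, [...GRANTABLE, 'admin'], group);
}
```

The authorization check runs before the target lookup so that an unauthorized caller cannot use the method to probe which user ids exist.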
