Access management for user on new web app in Meteor

Question

I am looking for solutions with management of user rights and access to view application content.

My target is:

• view different pages to different groups of logged users
• I need to manage this groups by admin account
• then web app will check users rights and prepare special page for each of groups

I spend some time but can't find good modules for that solution. And decide to create my own admin panel, and collection that will contain users rights.

At this moment I have a problem with quick form, it does not show me half of a values:

Meteor.publish('allUsers',function(){
    return Meteor.users.find({})
});
Meteor.publish('userAcCardS',function(){
    return RoleCard.find({userId: this.userId});
});

<template name="singleUser">
  <h1 class="page-title"> user  - {{_id}} <i class="fa fa-pencil"></i></h1>
  <h3>  
    -{{RCList._id}}-{{RCList.name}}-{{RCList.isAdmin}}-

  {{#if RCList}}
    {{> quickForm id="update_card" collection="RoleCard" doc=this type="update"}}
  {{else}}
  noth {{> quickForm id="new_card" collection="RoleCard" type="insert"}}
  {{/if}}
   </h3>
</template>

Template.singleUser.onCreated(function() {
  var self = this;
  self.autorun(function() {
    self.subscribe('userAcCardS');
  });
});

Template.singleUser.helpers({
    userEmail: function(){
    return this.emails\[0\].address;
  },
  RCList: function(){
        return RoleCard.findOne({userId: this._id});
    }
});

But I see only this:

So what's wrong? And maybe you can give me advice to use another solution like Meteor package if you know it?

Or maybe you can tell me how to render autoform based on "RCList", that can provide changes to RoleCard collection, if it's possible? I am i quite new in meteor and js...

Answer 1

The most popular roles package is the alanning:roles package. It allows you to control user roles and restrict access based on those roles. Use this command to install it for your project:

meteor add alanning:roles

Here is an example of it's usage for restricting published data:

Meteor.publish('secrets', function (group) {
    if (Roles.userIsInRole(this.userId, ['view-secrets','admin'], group)) {
        return Meteor.secrets.find({group: group});
    } else {
        // user not authorized. do not publish secrets
        this.stop();
        return;
    }
});

Example of restricting what is seen on the client:

<template name="header">
    ... regular header stuff
    {{#if isInRole 'admin'}}
        {{> admin_nav}}  
    {{/if}}
    {{#if isInRole 'admin,editor'}}
        {{> editor_stuff}}
    {{/if}}
</template>