orbit:permissions – orbit:permissions – Authorization for Meteor Package Developers
orbit:permissions – orbit:permissions – Authorization for Meteor Package Developers
0 0
intro-to-orbit-permissions
On Github theosp / intro-to-orbit-permissions
orbit:permissions
Authorization for Meteor Package Developers
The Orbit Project
An open source content management platform for Meteor A platform for web & mobile apps for non-developersOrbit Users
- Developers of packages (plugins) for Orbit
- App Developers
- App Editors
Orbit Authorization Needs
- Permissions are defined and used in multiple packages
- Permissions of one package can be used by other packages
- Package and app developers should be able to set some predefined roles (collection of permissions), they assume will be in wide use
- Project editors can add more roles to the system with any set of Permissions
orbit:permissions Structure
orbit:permissions Permissions
- permissions:delegate-and-revoke: Delegate and revoke user roles
- permissions:get-users-roles: Query roles of other users
- permissions:edit-custom-roles: Define and undefine custom roles
orbit:permissions Package Roles
-
permissions:admin:
- Users with this role will have all the permissions of all the packages
-
permissions:permissions-manager:
- permissions:delegate-and-revoke
- permissions:get-users-roles
- permissions:edit-custom-roles
orbit:permissions API
Defining Permissions and Package Roles
Chat Package Example// Common code on client and server
(new OrbitPermissions.Registrar("chat"))
.definePermission("remove-message")
.definePermission("edit-message")
.definePermission("appoint-manager")
.defineRole("chat-moderator", ["edit-message", "remove-message"]);
Defining Permissions and Package Roles
Package Role in the Application level// Common code on client and server
// Registrar for the app is created when
// OrbitPermissions.Registrar() is called with no args
appplication_registrar = new OrbitPermissions.Registrar();
appplication_registrar
.definePermission("approve-accounts")
.defineRole("site-moderator",
["chat:edit-message",
"chat:remove-message",
"project:approve-accounts"]);
Custom Roles
Define and undefine a Custom Role// On the client, the following requires the
// permissions:edit-custom-roles permission
OrbitPermissions.defineCustomRole("underprivileged-moderator",
["project:approve-accounts", "chat:remove-message"]);
OrbitPermissions.undefineCustomRole("underprivileged-moderator");
Delegate & Revoke Roles
Delegate & Revoke a role// On the client, the following requires the // permissions:delegate-and-revoke permission OrbitPermissions.delegate(user, ["chat:chat-moderator", "project:site-moderator"]); OrbitPermissions.revoke(user, ["chat:chat-moderator", "project:site-moderator"]);
Check for permission
Allow costom roles modifications only if user has the edit-custom-roles permission// On the client, checking permissions of other users require the
// permissions:get-users-roles permission
CustomRoles.allow({
insert: function (userId, doc) {
return OrbitPermissions.userCan("edit-custom-roles",
"permissions", userId);
},
remove: function (userId, doc) {
return OrbitPermissions.userCan("edit-custom-roles",
"permissions", userId);
)
});
Template Helper
The "can" helper{{#if can "remove-message" "chat"}}
<button>Remove Message</button>
{{/if}}
Admins Related Commands
Admins Related Commands// On the client, requires the permissions:get-users-roles permission unless // checked on logged user OrbitPermissions.isAdmin(user) // On the client, requires the permissions:delegate-and-revoke permission OrbitPermissions.addAdmins(users) // On the client, requires the permissions:delegate-and-revoke permission OrbitPermissions.removeAdmins(users)