reactioncommerce/meteor-security

How to get the userId of the current user

PhilippSpo opened this issue · 5 comments

I don't understand how I can get the current user ID (like in a Meteor method) in order to use this method: ifHasUserId(userId)
In Allow/Deny rules you always have access to the changed document ID and the set of changes to the document - does this work at the moment with this package?
I would like to give a user the permission to only change specific fields of his profile. How would you handle this?

That method is for checking a specific, already known user ID. It's of limited use in most cases. More likely you want to define your own method like

Security.defineMethod("ifIsCurrentUser", {
  fetch: [],
  deny: function (type, arg, userId, doc) {
    return userId !== doc._id;
  }
});

And then combine ifIsCurrentUser() with onlyProps().
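An added example, not part of the original thread or the package's code, showing what the combination decides for a few constructed updates. `denyUnlessOnlyProps`, `topLevelFields` and `updateAllowed` are hypothetical stand-ins so the logic runs outside Meteor; the whitelist is assumed to operate on top-level field names.

```javascript
// Deny rule from the thread: block the write unless the logged-in user
// is the owner of the user document being changed.
function denyUnlessCurrentUser(type, arg, userId, doc) {
  return userId !== doc._id;
}

// Hypothetical stand-in for a property whitelist (not the package's
// onlyProps source). Assumes the check runs over top-level field names,
// which is what Meteor hands to allow/deny rules as fieldNames.
function denyUnlessOnlyProps(allowedProps, fieldNames) {
  return !fieldNames.every((name) => allowedProps.includes(name));
}

// Hypothetical helper: top-level fields touched by a Mongo modifier.
function topLevelFields(modifier) {
  const names = new Set();
  for (const op of Object.keys(modifier)) {
    for (const path of Object.keys(modifier[op])) {
      names.add(path.split('.')[0]);
    }
  }
  return [...names];
}

// Hypothetical harness: an update passes only if no rule denies it.
function updateAllowed(userId, doc, modifier, allowedProps) {
  const fieldNames = topLevelFields(modifier);
  return !(
    denyUnlessCurrentUser('update', null, userId, doc) ||
    denyUnlessOnlyProps(allowedProps, fieldNames)
  );
}

// Inside a Meteor app with the package loaded, register the rule under
// the name used in the thread. Skipped when run under plain Node.
if (typeof Security !== 'undefined') {
  Security.defineMethod('ifIsCurrentUser', { fetch: [], deny: denyUnlessCurrentUser });
}

// Constructed sample data: one user document and four attempted updates.
const alice = { _id: 'alice-id' };
const allowed = ['profile'];
console.log(updateAllowed('alice-id', alice, { $set: { 'profile.name': 'A' } }, allowed));
console.log(updateAllowed('alice-id', alice, { $set: { roles: ['admin'] } }, allowed));
console.log(updateAllowed('bob-id', alice, { $set: { 'profile.name': 'B' } }, allowed));
console.log(updateAllowed(null, alice, { $set: { 'profile.name': 'X' } }, allowed));
```

Only the first update passes: the owner editing a whitelisted field. The owner touching `roles`, another user, and a logged-out client (`userId` of `null`) are all denied.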

Thanks, that is exactly what I needed. Works great!
I couldn't find in the documentation that the document comes as the 4th param. Am I missing something?

It's stated in the text under Security.defineMethod, but I guess we could add an example similar to this one to make it more obvious.

OK, fair enough. I think your example above would already do it.