Permission checking in templates

[davedx]

Hi there,

I'm using tags for a current project where we need to only allow owners of documents or admins to add or edit tags.

On the server side this was easy to implement as the tags package uses the standard Meteor "allow" method -- I just added the document to the callback and was then able to do my perm checking.

On the client side in the templates this seems less easy, as the tags seem to be alongside the delete and add buttons in one chunk of template. So I was thinking of modifying the template to somehow allow permission checking here too, so users do not think they can add/edit/delete when they actually cannot.

Do you have any suggestions on how to approach this? I'll submit a PR when I've got something useful. :)

[apendua]

@davedx Good point, I will also think how to solve this problem. The first thing that comes to my mind is to use two different helpers like {{showTags}} and {{editTags}} and let you decide which one you want to use. Would it solve your problem?

[davedx]

@apendua I think that would work - it's probably the simplest solution too. I assume both would render all the tags, but only {{editTags}} would allow the editing controls (delete and add buttons)?

Maybe another option would be to parameterize it, e.g. {{showTags editable}} or {{showTags readonly}}?

[davedx]

@apendua I've done some work on this on our own fork, and was wondering if you'd be interested in a PR. Here's the compare: https://github.com/solvers/meteor-tags/compare

As you can see, as well as the permission changes we also removed the dependency on Bootstrap. This was necessary for us as we're using Bootstrap 3, and we couldn't have both versions present. Do you think this is acceptable?

(Of course we'd have to change the metadata back too before sending the PR :) )

[apendua]

@davedx Thank you for these suggestions. I will have a look and prepare a dev branch so that you make a pull request against it. Sounds good to you?

[davedx]

Sounds good!

On Tue, Jan 28, 2014 at 12:52 PM, Tomasz Lenarcik
notifications@github.comwrote:

@davedx https://github.com/davedx Thank you for these suggestions. I
will have a look and prepare a dev branch so that you make a pull request
against it. Sounds good to you?

Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-33471816
.

[apendua]

@davedx Cool :) So dev branch is already there waiting for your PR.

[davedx]

PR sent!

On Wed, Jan 29, 2014 at 10:59 AM, Tomasz Lenarcik
notifications@github.comwrote:

@davedx https://github.com/davedx Cool :) So dev branch is already
there waiting for your PR.

Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-33570452
.