Installing Alanning Roles For Authorization

Learn about MeteorJS authorization and its implementation.

Alanning roles

Authorization grants a user permission to perform a task in the web application. A web application may have different user types, each with its own access level or authorization for different areas of the application. Meteor has a community-developed package that simplifies this process. The alanning:roles package makes attaching permissions to an application’s users very easy.

Alanning roles is a package used for authorization and assignment of roles to the users of a system. When installed, the package provides methods of attaching roles to a user and checking a user for a particular role before allowing access to certain parts of the application.

Installation and how to use

The alanning:roles package is installed by running meteor add alanning:roles in the terminal.

Note: Install the accounts-package before installing alanning:roles.

The alanning:roles package adds the following to Meteor’s default behavior:

  • It adds a new collection called Meteor.roleAssignment that contains the information about which role has been assigned to which user.
  • It adds a new collection called Meteor.roles that contains a global list of defined role names.
  • It publishes all existing roles automatically to the client, which means that the roles collection is readily available in the Minimongo data store on the client side.

The coding playground at the end of this lesson demonstrates how to use the alanning:roles package.

In the server/main.js file that runs on the server, we import the installed alanning:roles package on line 4. On lines 6–39, we add a Meteor.startup block that includes code that will create new users in the system if no user exists when the application starts up for the first time.

On line 8, an array of two user objects with name, username, password, and roles properties is defined. A forEach loop iterates over the users array, and for each user object a check is performed to determine if that user already exists in the system. If they don’t exist, a new user is created using the username and password of that user object on line 27.

The Accounts.createUser method returns the id of the newly created user, which is used on line 31 to check for any role attached to that user. A loop iterates over the user.roles property, and on each iteration a check is performed on line 33 to determine if that role already exists in the system. If it doesn’t exist, it’s created. After creating the role, the user is added to the roles on line 35.

Open the imports/api/methods.js file. On line 16, there’s a method definition named createNewUserAccount. This method can only be called on the client by a user who is logged in to the system. The method checks if the user calling the method belongs to the admin and manage-users roles on line 20. If the check passes, a new user account is created. If the check fails, an error is thrown and returned to the client.

An error is thrown in Meteor by calling the Meteor.Error constructor and passing a parameter as the reason for the error. This error is returned as the first parameter in the callback function of the Meteor.call method.

 throw new Meteor.Error("error message");
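The server-side check described above, as an added example that is not the lesson's own methods.js: it requires both roles, because Roles.userIsInRole given an array returns true when the user holds any one of the listed roles. The factory function, the error codes, the stand-in objects and the synchronous Roles and Accounts calls are assumptions made so the logic runs outside Meteor.

```javascript
// Method body with Meteor's pieces passed in, so the check runs outside Meteor.
// In an app (assumed wiring): Meteor.methods({ createNewUserAccount:
//   makeCreateNewUserAccount({ Roles, Accounts, MeteorError: Meteor.Error }) })
function makeCreateNewUserAccount({ Roles, Accounts, MeteorError }) {
  const REQUIRED = ["admin", "manage-users"];
  return function createNewUserAccount({ username, password }) {
    // Meteor sets this.userId from the connection; null means not logged in.
    if (!this.userId) {
      throw new MeteorError("not-authorized", "You must be logged in");
    }
    // Passing the array would pass on ANY match; require each role instead.
    const hasAll = REQUIRED.every((r) => Roles.userIsInRole(this.userId, r));
    if (!hasAll) {
      throw new MeteorError("forbidden", "admin and manage-users roles required");
    }
    return Accounts.createUser({ username, password });
  };
}

// Constructed in-memory stand-ins (not the real packages) so this runs offline.
class FakeMeteorError extends Error {
  constructor(error, reason) { super(reason); this.error = error; }
}
const assignments = { a1: ["admin", "manage-users"], h1: ["admin"], u1: [] };
const fakeRoles = {
  userIsInRole(userId, roles) {
    const held = assignments[userId] || [];
    return [].concat(roles).some((r) => held.includes(r));
  },
};
const created = [];
const fakeAccounts = {
  createUser({ username }) {
    created.push(username);
    return "id-" + created.length;
  },
};
const method = makeCreateNewUserAccount({
  Roles: fakeRoles, Accounts: fakeAccounts, MeteorError: FakeMeteorError,
});

// Calls the method as a given user; returns the new id or the error code.
function tryCreate(userId, username) {
  try { return method.call({ userId }, { username, password: "constructed-pw" }); }
  catch (e) { return e.error; }
}
```

Role data published to the client is useful for showing or hiding UI, but the check that counts is this one, inside the method on the server.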

Notice a new file named CreateAccount.jsx inside imports/ui. This file contains the code that creates a new user. Log in with any of the accounts created on the application server startup given in the table below, and see if you can create a new user account. The account with the username user isn’t able to create a new user because it doesn’t have the admin and manage-users roles attached to it.
