0
votes

For a Meteor app I am writing, I want to have two levels of user authentication. On the first level, the user will log in to a group using a username and password (which is shared amongst many people who belong to the group). On the second level, the user will log in to their own personal account that is within the said group using their email and password.

I already have a system developed for getting a user to sign in to their personal account (using email/password), but I am confused as to how to add a feature so that each user belongs to a specific group.

A similar example would be a login system similar to slack. Where you login with the group name, then sign in to your profile. If authenticated (i.e. your credentials say your email/password is correct + you belong to the group) you can start using the application.

I feel as though the solution is very simple, I tried to use accounts-ui element {{> loginButtons}} but it only worked on the second level (could only log user into their profile, and could not have users log into different groups)

I think my problem may be where I am inserting the said element, or it may be that meteor doesn't allow you to use multiple instances of user authentication.

I am looking for some clarification on my problem, any help would be greatly appreciated!

1
This is pretty unusual, why don't you just utilise permissions/roles instead? atmospherejs.com/alanning/roles - Ian Jones
Thank you, this seems interesting and I'll definitely look more into it. But wouldn't it be so much easier to just have a user log in twice? Once again they first log into (and are authenticated) to a specific group aka an account (or they can create a new one). And within that account they can login/signup with their credentials. It is a little weird, but it seems so simple to implement, at least in theory. I just need help figuring out how... - Ahad Sheriff
But why not just have 'groups' as roles, then you just have a single login and a user has a list of 'groups' they can interact with. Simply check if the user is logged in, then check if they are part of that 'group'. Easy. - Ian Jones
But then I would need to tear apart my application and start from scratch :( - Ahad Sheriff

1 Answers

0
votes

just as someone already recommended, alanning:Roles is the best way to manage user rights. Group permission are just another way to look at user roles.

Some copy paste code for anyone who comes looking by

if Roles.userIsInRole(userId, [
    'llama'
    'admin'
  ], Roles.GLOBAL_GROUP)
  // Do something with privileges 
else
  // No privileges

Secure publishing to only users in admin role:

if (Roles.userIsInRole(this.userId, ['admin'], Roles.GLOBAL_GROUP)) {
    return SomeCollection.find({}); // Publish all fields
} else {
    return SomeCollection.find({}, {fields: { // Only return public fields
        'name': true 
      }
    }
}

Restrict the publication of roles collection itself to only users in admin role:

Meteor.publish("roles", function() {
    if (Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
        return Meteor.roles.find({});
    } else {
        this.ready();
    }
});

add/remove user to/from a role:

Meteor.methods({
// add user to role. Roles can be an array
  addRoleToUser: function(userId, roles) {
    if(Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
      Roles.addUsersToRoles(this.userId, roles, Roles.GLOBAL_GROUP);
  },

// Remove user from a role: 
  removeRoleFromUser: function(userId, roles) {
    if(Roles.userIsInRole(this.userId, 'admin', Roles.GLOBAL_GROUP)) {
      Roles.removeUsersFromRoles(userId, roles, Roles.GLOBAL_GROUP);
    }
  }
}