meteor-rethinkdb icon indicating copy to clipboard operation
meteor-rethinkdb copied to clipboard

Published 20 hours ago verified publisher icon Slava

Allow/deny rules for `run`

Open Slava opened this issue 10 years ago • 6 comments
trafficstars

Currently the RPC end-point /mytable/run doesn't check any permissions.

Slava avatar May 06 '15 08:05 Slava

Did this get done? Where is the code?

rclai avatar May 22 '15 23:05 rclai

The ticket is still open. So the answer is "no".

Slava avatar May 22 '15 23:05 Slava

Oh it was just weird seeing the Feature complete milestone. Made it seem like it was complete. But have you worked on it?

rclai avatar May 22 '15 23:05 rclai

"feature-complete" means a stage of a project where all core features are implemented but the project might be lacking documentation, or some release engineering work pending.

Slava avatar May 23 '15 01:05 Slava

What would be the best way to prevent client side edits? I'm playing with Rethink in consideration for using it on a project and was wondering how the security stuff is at the moment.

(Edit: We're really excited to potentially use Rethink)

sircharleswatson avatar Jul 07 '15 22:07 sircharleswatson

@Slava, If we wanted to implement allow / deny, would we do it inside: https://github.com/Slava/meteor-rethinkdb/blob/master/rethink.js:

methods[self._prefix + 'run'] = function (builtQuery, generatedKeys) {

ramezrafla avatar Aug 08 '16 14:08 ramezrafla