Problem with FSCollection.allow({download

[robwatkin]

Hi,

I am trying to get the userId of the logged in user in the allow/deny rules for download on an FS Collection. I have something like

FSCollection.allow({
  download: function(userId) {
    // use userId to determine if download should be allowed.

The userId is the value false. This happens for both allow and deny. I've looked at some of the example apps and they expect the first argument to be userId. I've dumped the arguments, see below.

-- SeamsImages.deny download arguments:  { '0': false,
I20150613-15:57:00.602(1)?   '1':
I20150613-15:57:00.602(1)?    { createdByTransform: true,
I20150613-15:57:00.602(1)?      _id: 'x9zDyXMBduRe9gGyk',
I20150613-15:57:00.602(1)?      original:
I20150613-15:57:00.602(1)?       { name: 'Girton_College,_Cambridge_-_geograph.org.uk_-_87878.jpg',
I20150613-15:57:00.602(1)?         updatedAt: Thu Aug 14 2014 10:14:05 GMT+0100 (BST),
I20150613-15:57:00.602(1)?         size: 407031,
I20150613-15:57:00.602(1)?         type: 'image/jpeg' },
I20150613-15:57:00.602(1)?      uploadedAt: Sat Jun 13 2015 15:57:00 GMT+0100 (BST),
I20150613-15:57:00.602(1)?      copies: { 'seams-images': [Object] },
I20150613-15:57:00.603(1)?      collectionName: 'seams-images',
I20150613-15:57:00.603(1)?      collection:
I20150613-15:57:00.603(1)?       { storesLookup: [Object],
I20150613-15:57:00.603(1)?         primaryStore: [Object],
I20150613-15:57:00.603(1)?         options: [Object],
I20150613-15:57:00.603(1)?         name: 'seams-images',
I20150613-15:57:00.604(1)?         files: [Object],
I20150613-15:57:00.604(1)?         _validators: [Object] },
I20150613-15:57:00.604(1)?      domain: null,
I20150613-15:57:00.604(1)?      _events: {},

Thanks Rob

[Ethaan]

Did you solve this? im having the same issue here

[niranjans]

+1. I'm also having the exact same issue. Seems like a bug.

[shividhar]

+1. Same error.

[Ethaan]

@shividhar The problem was fixed using the auth token

[shividhar]

@Ethaan Could you tell me how to use the auth token? Or point me to a resource. Thanks a lot!

[mxab]

How to you generate the url for your file? if you use file.url({store: "yourStoreName"}) the auth token should be appended to the url as far as I know

[aslagle]

I'm having the same problem trying to use this in a package-based app. The auth token only works when an accounts package is included directly in .meteor/packages. If it's only used in another package, Accounts isn't defined when CollectionFS tries to use it to get the token.

Maybe one of the CollectionFS packages should api.use accounts-base, or it should check Package['accounts-base'].Accounts instead?

[robwatkin]

Thanks @aslagle

[DaxChen]

+1. same error, does anyone know how to fix this? I tried to use my own forked package and add api.imply('accounts-password') in many packages, as described in #665 , but the download part in both allow and deny still have userId set to false (insert and update is working alright).

Please, cfs team, is there any way I can have contents protected, I think this is a rather basic feature to only serve uploaded images to logged in users (or some specific users).

Thanks for any help! Please I'm stuck for weeks.

[neufeldtech]

+1 Also having this issue. A console.log(userId) inside the download part is always returning false.

[pl7y]

Same problem here. since download always has a false userId, I can't really get any permission control there. The problem for me is that I need to pass some files stored in mongodb to nodejs workers, using job-collection. So I would like the worker to take the files from repo, and now I'm trying to pass them a url of the files. @Ethaan and @shividhar , how did you manage to fix this using tokens? Using file.url()or file.url({store: ...}) on server side I don't get a token.

[emilbruckner]

+1 Anyone who solved this?