Meteor.js customizing publish based on the value of the collection object and User Role

Question

I'm still trying to grasp the concept of the customized publishing in Meteor.

There is a collection called Pages. This collection contains a field "privacy". This field can contain values "private" and "public". There are also User Roles. Depending on the privacy field value, I'd like to check if the current user is allowed to see this page, and then publish, or not this particular Collection object.

So, the publish method on the server goes something like this (totally improvising):

Meteor.publish('pages', function () {

if (Roles.userIsInRole(this.userId, ['admin', 'viewer']) 
         && this.privacy == 'private') {
    return Pages.find();
} else {
  if (this.privacy == public) {
     return Pages.find();
  } else {
  // Not authorized
  this.stop();
  return;
  }
}
});

The problem in this code is obviously that 'this' will not refer to the one particular object in the Collection. But I'd like to get access to a single object of the published collection to perform this user role check.

Any hints are greatly appreciated.

Answer 1

You need to return a filtered cursor.

Meteor.publish('pages', function () {
  return Pages.find({privacy:"public"});
}

See Data and security chapter.