Permissions cookbook page
Since the permissions system is very wide open and flexible, it makes sense to have a permissions cookbook page that shows you how to implement common types of rules, like:
- giving an admin user permission to do any operation
- creating a group to administrate another group
- giving a user ownership of a group (power to create and destroy it)
Here's an example @segphault mentioned:
Allowing a user to delete their own bookmarks:
```toml
[groups.authenticated.rules.delete_own_bookmarks]
template = "collection('bookmarks').remove(any())"
validator = """
  (context, oldValue, newValue) => {
    return oldValue.user === context.id;
  }
"""
```
This may look different if we extend context to include additional info, such as a user property.
If people could come up with a few of the examples in Josh's bullet list above, that would be helpful for me. (It might also be good to have a section that gives the rationale for Horizon using a "deny all access by default and explicitly define exceptions" approach to data permissions, although that might be a different ticket.)
Note to self: do this