Skip to content
This repository has been archived by the owner on May 7, 2022. It is now read-only.

Permissions cookbook page #64

Open
deontologician opened this issue May 20, 2016 · 3 comments
Open

Permissions cookbook page #64

deontologician opened this issue May 20, 2016 · 3 comments

Comments

@deontologician
Copy link
Contributor

Since the permissions system is very wide open and flexible, it makes sense to have a permissions cookbook page that shows you how to implement common types of rules, like:

  • giving an admin user permission to do any operation,
  • creating a group to administrate another group
  • giving a user ownership of a group (power to create and destroy it)
@chipotle chipotle changed the title Permissions cookbook page` Permissions cookbook page Jun 16, 2016
@mglukhovsky
Copy link
Member

Here's an example @segphault mentioned:

Allowing a user to delete their own bookmarks:

[groups.authenticated.rules.delete_own_bookmarks]
template = "collection('bookmarks').remove(any())"
validator = """
 (context, oldValue, newValue) => {
   return oldValue.user === context.id;
 }
"""

This may look differently if we extend context to include additional info, such as a user property.

@chipotle
Copy link
Collaborator

If people could come up with a few of the examples in Josh's bullet list above, that would be helpful for me. (It might also be good to have a section that gives the rationale for Horizon using a "deny all access by default and explicitly define exceptions" approach to data permissions, although that might be a different ticket.)

@deontologician
Copy link
Contributor Author

Note to self: do this

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@deontologician @mglukhovsky @chipotle