@startupjs/sharedb-access
Sharedb access-control midleware
Last updated 2 days ago by yska .
MIT · Original npm · Tarball · package.json
$ cnpm install @startupjs/sharedb-access 
SYNC missed versions from official npm registry.

@startupjs/sharedb-access

Installation

  • Install npm: npm install @startupjs/sharedb-access
  • Install yarn: yarn add @startupjs/sharedb-access

Usage

const shareDbAccess = require('sharedb-access')
new shareDbAccess(backend[, options])

Parameters

  • backend - your ShareDB backend instance
  • options(optional) - object with options:
    • options.dontUseOldDocs: false - if true don't save unupdated docs for update action
    • options.opCreatorUserIdPath - path to 'userId' for op's meta

Using sharedb-access you can control create, read, update, and delete database operation for every collection. You can use two types of rules: allow and deny. By default all the operations are denied. So, you should add some rules to allow them. If at least one allow-rule allows the write, and no deny-rules deny the write, then the write is allowed to proceed.

You can call allow and deny-rules as many times as you like. The functions should return true if they think the operation should be allowed for allow rules and denied for deny-rules. Otherwise they should return false, or nothing at all (undefined).

Create

// Allow create-operation for collection 'items'

// docId - id of your doc for access-control
// doc   - document object
// session - your connect session

backend.allowCreate('items', async (docId, doc, session) => {
  return true
})

// Deny creation if user is not admin
backend.denyCreate('items', async (docId, doc, session) => {
  return !session.isAdmin
})

// So, finally, only admins can create docs in 'items' collection
// the same results is if you just write:

backend.allowCreate('items', async (docId, doc, session) => {
  return session.isAdmin
})

Read

Interface is like create-operation

backend.allowRead('items', async (docId, doc, session) => {
  // Allow all operations
  return true
})

backend.denyRead('items', async (docId, doc, session) => {
  // But only if the reader is owner of the doc
  return doc.ownerId !== session.userId
})

Delete

Interface is like create-operation

backend.allowDelete('items', async (docId, doc, session) => {
  // Only owners can delete docs
  return doc.ownerId === session.userId
})

backend.denyDelete('items', async (docId, doc, session) => {
  // But deny deletion if it's a special type of docs
  return doc.type === 'liveForever'
})

Update

// docId - id of your doc for access-control
// oldDoc  - document object (before update)
// session - your connect session
// ops    - array of OT operations
// newDoc  - document object (after update)

const allowUpdateAll = async (docId, oldDoc, session, ops, newDoc) => {
  return true
}

backend.allowUpdate('items', allowUpdateAll);

MIT License 2020

Current Tags

  • 0.29.0                                ...           latest (2 days ago)

8 Versions

  • 0.29.0                                ...           2 days ago
  • 0.28.0                                ...           17 days ago
  • 0.27.0                                ...           19 days ago
  • 0.26.0                                ...           a month ago
  • 0.25.0                                ...           a month ago
  • 0.24.0                                ...           a month ago
  • 0.23.51                                ...           a month ago
  • 0.23.45                                ...           2 months ago
Downloads
Today 0
This Week 9
This Month 27
Last Day 1
Last Week 0
Last Month 37
Dependencies (9)
Dev Dependencies (3)
Dependents (1)

Copyright 2014 - 2016 © taobao.org |