sharedb-access
Sharedb access-control middleware
Last updated 2 years ago by ovvn.
$ cnpm install sharedb-access 

sharedb-access


Note

If you use a Node.js version that doesn't support async/await, you need sharedb-access@3.0.0.

Installation

  • Install: npm install sharedb-access

Usage

const shareDbAccess = require('sharedb-access')
shareDbAccess(backend)

Using sharedb-access you can control create, read, update, and delete database operations for every collection. You can use two types of rules: allow and deny. By default all operations are denied, so you must add rules to allow them. If at least one allow-rule allows the write, and no deny-rule denies the write, then the write is allowed to proceed.

You can register allow- and deny-rules as many times as you like. An allow-rule function should return true if it thinks the operation should be allowed; a deny-rule function should return true if it thinks the operation should be denied. Otherwise they should return false, or nothing at all (undefined).

Create

// Allow create-operation for collection 'items'

// docId - id of your doc for access-control
// doc   - document object
// session - your connect session

backend.allowCreate('items', async (docId, doc, session) => {
  return true
})

// Deny creation if user is not admin
backend.denyCreate('items', async (docId, doc, session) => {
  return !session.isAdmin
})

// So, in the end, only admins can create docs in the 'items' collection.
// The result is the same if you just write:

backend.allowCreate('items', async (docId, doc, session) => {
  return session.isAdmin
})

Read

The interface is the same as for the create operation.

backend.allowRead('items', async (docId, doc, session) => {
  // Allow all reads
  return true
})

backend.denyRead('items', async (docId, doc, session) => {
  // But deny the read unless the reader is the owner of the doc
  return doc.ownerId !== session.userId
})

Delete

The interface is the same as for the create operation.

backend.allowDelete('items', async (docId, doc, session) => {
  // Only owners can delete docs
  return doc.ownerId === session.userId
})

backend.denyDelete('items', async (docId, doc, session) => {
  // But deny deletion if it's a special type of doc
  return doc.type === 'liveForever'
})

Update

// docId - id of your doc for access-control
// oldDoc  - document object (before update)
// newDoc  - document object (after update)
// ops    - array of OT operations
// session - your connect session

const allowUpdateAll = async (docId, oldDoc, newDoc, ops, session) => {
  return true
}

backend.allowUpdate('items', allowUpdateAll);
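
The following is an added example, not code from sharedb-access: a stand-alone model of the evaluation rule stated under Usage (denied by default, allowed only when some allow-rule matches and no deny-rule matches), applied to update rules that let owners edit but block ownership reassignment. makeBackend() and canUpdate() are hypothetical stand-ins, denyUpdate is assumed to follow the naming pattern of the other deny methods, and counting only a strict true as a match is a choice of this model.

```javascript
// Hypothetical stub that models the documented rule semantics (not library code).
function makeBackend () {
  const rules = { allow: {}, deny: {} }
  const add = (kind) => (collection, fn) => {
    (rules[kind][collection] = rules[kind][collection] || []).push(fn)
  }
  // A rule matches only when it resolves to true; false/undefined do not match.
  const any = async (fns, args) => {
    const results = await Promise.all((fns || []).map((fn) => fn(...args)))
    return results.some((r) => r === true)
  }
  return {
    allowUpdate: add('allow'),
    denyUpdate: add('deny'),
    // Allowed only if some allow-rule matches and no deny-rule matches.
    async canUpdate (collection, ...args) {
      const allowed = await any(rules.allow[collection], args)
      const denied = await any(rules.deny[collection], args)
      return allowed && !denied
    }
  }
}

const backend = makeBackend()

// Owners may update their own docs ...
backend.allowUpdate('items', async (docId, oldDoc, newDoc, ops, session) => {
  return oldDoc.ownerId === session.userId
})
// ... but no update may change who owns the doc.
backend.denyUpdate('items', async (docId, oldDoc, newDoc, ops, session) => {
  return newDoc.ownerId !== oldDoc.ownerId
})

// Constructed sample sessions and document.
const owner = { userId: 'u1' }
const other = { userId: 'u2' }
const doc = { ownerId: 'u1', title: 'draft' }

async function demo () {
  const check = (coll, next, s) => backend.canUpdate(coll, 'd1', doc, next, [], s)
  return {
    ownerEdit: await check('items', { ...doc, title: 'final' }, owner),
    nonOwnerEdit: await check('items', { ...doc, title: 'final' }, other),
    ownershipChange: await check('items', { ...doc, ownerId: 'u2' }, owner),
    noRules: await check('notes', doc, owner) // no rules registered: denied
  }
}
demo().then(console.log)
```

Compared with allowUpdateAll above, the allow-rule checks oldDoc rather than newDoc, so a client cannot pass the ownership test by rewriting ownerId in the same update.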

MIT License 2017 by Artur Zayats

Current Tags

  • 5.0.0                                ...           latest (2 years ago)

10 Versions

  • 5.0.0                                ...           2 years ago
  • 4.2.0                                ...           3 years ago
  • 4.1.0                                ...           3 years ago
  • 4.0.1                                ...           3 years ago
  • 4.0.0                                ...           3 years ago
  • 3.0.0                                ...           5 years ago
  • 2.0.3                                ...           5 years ago
  • 2.0.2                                ...           5 years ago
  • 2.0.1                                ...           5 years ago
  • 2.0.0                                ...           5 years ago