Open TheSlimvReal opened 2 years ago
Point 3 would probably be the solution which would give us the most freedom how complex rule can get but I am not sure how well it scales and also the rule definitions can get increasingly complex (see the query syntax).
Point 2 has the danger that the permissions and the data might get out of sync when there are some errors which is difficult to recover from. Also the implementation effort is very high as this a completely new concept.
Point 1 is my preferred option as the restructuring comes with some other nice benefits (less indices, easy permissions on related data) but it still has limitations e.g. user X can only read notes where a child is linked for which user X has access. I am not sure though if we should support something like this. The other point is that for the above use case we would also need to update the org.couchdb.user
object or the permission rule based on which schools a user is allowed to have access to. This needs to be incorporated into the UI (e.g. the school can be assigned to the user which triggers the user or the permission object to be updated - not supported yet).
I'll try to list out essential user stories here:
Rule to give user access to ...
Looking at our abstract entity property models we roughly had
We can maybe completely do away with the two-step refs by always embedding these (not sure, haven't carefully thought this through). But I think we do need a way to handle permissions for direct entity refs, where the rule is not only specifying individual IDs of the related entity but instead a rule based on rules.
Currently, the permission definitions in CASL only allow to restrict access based on the active user, the requested entity and the properties of the requested entity. This allows permissions like user X can only read female children.
A more advanced but still common use case would involve a relationship check. E.g. user Y can only read children which currently attend school Z This is currently not possible, because it would require for each child that it requested, to load the child school relations and than check which school the child currently attends. This mechanism is not supported by the CASL library (only works synchronous).
I currently see the following options to support the described scenario
org.couchdb.user
object or as a database role for which schoolID's a user has access.