rethinkdb / horizon-docs


Permissions cookbook page #64

Open deontologician opened 8 years ago

deontologician commented 8 years ago

Since the permissions system is very wide open and flexible, it makes sense to have a permissions cookbook page that shows you how to implement common types of rules, like:

mglukhovsky commented 8 years ago

Here's an example @segphault mentioned:

Allowing a user to delete their own bookmarks:

```toml
[groups.authenticated.rules.delete_own_bookmarks]
template = "collection('bookmarks').remove(any())"
validator = """
 (context, oldValue, newValue) => {
   return oldValue.user === context.id;
 }
"""
```

This may look different if we extend context to include additional info, such as a user property.
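
An added example, not part of the original comment and not Horizon's own code: a stand-alone harness that runs the validator posted above, next to a stricter variant, over constructed delete requests. The `allowDelete` helper, the `strictValidator` function, the sample rows and the `null` passed as `newValue` are assumptions made for illustration.

```javascript
// The validator exactly as posted in the rule above.
const postedValidator = (context, oldValue, newValue) => {
  return oldValue.user === context.id;
};

// Stricter variant (assumption, not from the thread): refuse when either side
// of the comparison is missing, so `undefined === undefined` can never match.
const strictValidator = (context, oldValue, newValue) => {
  if (!context || context.id === undefined || context.id === null) return false;
  if (!oldValue || oldValue.user === undefined || oldValue.user === null) return false;
  return oldValue.user === context.id;
};

// Hypothetical harness: only an explicit `true` allows the delete, and a
// validator that throws is treated as a denial (fail closed).
function allowDelete(validator, context, oldValue) {
  try {
    return validator(context, oldValue, null) === true;
  } catch (err) {
    return false;
  }
}

// Constructed sample requests: context is the calling user's row,
// oldValue is the stored bookmark being removed.
const cases = [
  { name: "owner deletes own bookmark", context: { id: "u1" }, oldValue: { id: "b1", user: "u1" } },
  { name: "user deletes someone else's bookmark", context: { id: "u2" }, oldValue: { id: "b1", user: "u1" } },
  { name: "bookmark has no user field, context has no id", context: {}, oldValue: { id: "b2" } },
  { name: "document no longer exists", context: { id: "u1" }, oldValue: null },
];

// Returns one boolean per case, in order.
function runCases(validator) {
  return cases.map((c) => allowDelete(validator, c.context, c.oldValue));
}

cases.forEach((c, i) => {
  console.log(c.name, "| posted:", runCases(postedValidator)[i],
    "| strict:", runCases(strictValidator)[i]);
});
```

The two validators differ only on the third case, where both `oldValue.user` and `context.id` are missing and the posted comparison evaluates to `true`.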

chipotle commented 8 years ago

If people could come up with a few of the examples in Josh's bullet list above, that would be helpful for me. (It might also be good to have a section that gives the rationale for Horizon using a "deny all access by default and explicitly define exceptions" approach to data permissions, although that might be a different ticket.)

deontologician commented 8 years ago

Note to self: do this