npm
Sign UpSign In

samjs-mongo-isOwner

0.2.0 • Public • Published

samjs-mongo-isOwner

Plugin for managing user owned documents in samjs-mongo.

Getting Started

npm install --save samjs-mongo-isOwner

Usage

samjs.plugins([
  // samjs-auth and samjs-mongo are needed before samjs-mongo-isOwner
  require("samjs-auth"),
  require("samjs-mongo"),
  require("samjs-mongo-isOwner")
])
.options()
.configs()
.models({
  name: "someModel",
  db: "mongo",
  plugins: {
    isOwner:
      read: "root" // right to read documents of other users, defaults to root
      write: "root" // right to change and delete documents of other users, defaults to root
  },
  schema: {
    someProp: {
      type: String
      }
    },
}).startup(server)

// client side
var model = new client.Mongo("testModel")
// will set owner to current user
model.insert({someProp:"test"})
// will only find documents of the current user
model.find({find:{someProp:"test"}})
// will only update documents of the current user
model.update(cond:{someProp:"test"},doc:{someProp:"test2"})
// not possible to change owner / only for rootroot
model.update(cond:{someProp:"test2"},doc:{owner:"user2"})
// will only delete documents of the current user
model.remove({someProp:"test2"})

in conjunction with samjs-mongo-auth

insert and remove access for documents changes a bit and can be controlled

.models({
  name: "someModel",
  db: "mongo",
  plugins: {
    isOwner:{
      read: "root" // right to read documents of other users, defaults to root
      write: "root" // right to change and delete documents of other users, defaults to root
    },
    auth:{
      // allows user to create documents even when access to parts of it are forbidden (like the owner prop)
      // defaults to true
      // meaning users can create new owned documents
      // set to false if you can't trust user and need a more controlled mechanismn to create user owned documents
      insertable: true,
      // allows user to delete documents even when access to parts of it are forbidden (like the owner prop)
      // defaults to false
      // meaning users can't delete their own documents
      // set to true if you can trust user and need to allow to delete their own documents
      deletable: false
    }
  },
  schema: {
    someProp: {
      type: String,
      read: true,
      write: true // give user access to write the 'someProp' properties of owned documents
      }
    }
})

Readme

Keywords

none

Package Sidebar

Install

npm i samjs-mongo-isOwner

Repository

github.com/SAMjs/samjs-mongo-isOwner

Homepage

github.com/SAMjs/samjs-mongo-isOwner#readme

Weekly Downloads

1

Version

0.2.0

License

none

Last publish

Collaborators

  • paulpflug
Try on RunKit
Report malware