sharedb-access

5.0.0 • Public • Published

sharedb-access

NPM

Note

If you use nodejsthat doesn't support async/await you need sharedb-access@3.0.0

Installation

  • Install: npm install sharedb-access

Usage

const shareDbAccess = require('sharedb-access')
shareDbAccess(backend)

Using sharedb-access you can control create, read, update, and delete database operation for every collection. You can use two types of rules: allow and deny. By default all the operations are denied. So, you should add some rules to allow them. If at least one allow-rule allows the write, and no deny-rules deny the write, then the write is allowed to proceed.

You can call allow and deny-rules as many times as you like. The functions should return true if they think the operation should be allowed for allow rules and denied for deny-rules. Otherwise they should return false, or nothing at all (undefined).

Create

// Allow create-operation for collection 'items'
 
// docId - id of your doc for access-control
// doc   - document object
// session - your connect session
 
backend.allowCreate('items', async (docId, doc, session) => {
  return true
})
 
// Deny creation if user is not admin
backend.denyCreate('items', async (docId, doc, session) => {
  return !session.isAdmin
})
 
// So, finally, only admins can create docs in 'items' collection
// the same results is if you just write:
 
backend.allowCreate('items', async (docId, doc, session) => {
  return session.isAdmin
})

Read

Interface is like create-operation

backend.allowRead('items', async (docId, doc, session) => {
  // Allow all operations
  return true
})
 
backend.denyRead('items', async (docId, doc, session) => {
  // But only if the reader is owner of the doc
  return doc.ownerId !== session.userId
})

Delete

Interface is like create-operation

backend.allowDelete('items', async (docId, doc, session) => {
  // Only owners can delete docs
  return doc.ownerId === session.userId
})
 
backend.denyDelete('items', async (docId, doc, session) => {
  // But deny deletion if it's a special type of docs
  return doc.type === 'liveForever'
})

Update

// docId - id of your doc for access-control
// oldDoc  - document object (before update)
// newDoc  - document object (after update)
// ops    - array of OT operations
// session - your connect session
 
const allowUpdateAll = async (docId, oldDoc, newDoc, ops, session) => {
  return true
}
 
backend.allowUpdate('items', allowUpdateAll);

MIT License 2017 by Artur Zayats

Package Sidebar

Install

npm i sharedb-access

Weekly Downloads

366

Version

5.0.0

License

MIT

Unpacked Size

12.4 kB

Total Files

4

Last publish

Collaborators

  • cray0000
  • fctsvirus
  • ovvn
  • zag2art