Security solutions for Blueprint #56

Open
theodorDiaconu opened this issue Oct 6, 2021 · 1 comment · May be fixed by #293
Labels
enhancement New feature or request impact:high Should be prioritised as it can impact many projects or the vision of BlueLibs package:x This is the command-line CLI

Comments

Contributor

theodorDiaconu commented Oct 6, 2021

Security options with basic option in blueprint, roles, security owner, etc.
Keep it in "Collection.security.ts" (overridable) inside the resolvers for GraphQL.

Some thoughts for a primitive API:

```ts
// Pure Basic Security Principles
collection({
  security: {
    [Roles.ADMIN]: collection.security.everything,
    [Roles.MANAGER]: ["edit", "create"],
  },
  fields: [
    field({
      security: {
        [Roles.ADMIN]: ["view", "edit", "create"],
      },
    }),
  ],
});
```
  • We should also have a language in which we say 'if you own it you can modify it or otherwise you can only see it'
@theodorDiaconu theodorDiaconu added enhancement New feature or request package:x This is the command-line CLI labels Oct 6, 2021
Contributor Author

theodorDiaconu commented Dec 16, 2021

API Proposal:

```ts
security: {
  roles: {},
  'user': true | false | {} | collection.security.isolated("companyId", "companyId"),
  collection.security.tenant("companyId"),
  'anonymous': {
    maxLimit: 100,
    maxDepth: 5,
    findOne: true | { filters, intersect },
    find: true | { filters, intersect },
    edit: true | { filters, fields: [], inside: "userId" },
    create: true | { own: "userId", fields },
    delete: true | { own: "userId", filters, "identity": "user._id" }
  }
},
fields: [
  field({
    // Should we define field-level security logic? Wouldn't it be too much repetition and ugly blueprints?
  })
]
```


shield.base.ts which is re-exported inside shield.base {}
```ts
// roles imported
export const shield: ShieldConfig<Post> = {
  roles: {},
};

shield(config, { resolvers });
```

@theodorDiaconu theodorDiaconu added the impact:high Should be prioritised as it can impact many projects or the vision of BlueLibs label Dec 16, 2021
@y-moufakkr y-moufakkr linked a pull request May 16, 2022 that will close this issue
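
The role and ownership rules sketched in the comments above, as an added example that is not part of the issue or of BlueLibs: a deny-by-default evaluator for a simplified version of the proposed shape. `can`, `ruleAllows`, the `Rule` type and the sample roles are hypothetical, and `own` is assumed to name the document field that holds the owner's user id.

```typescript
// Added example: hypothetical evaluator for a simplified form of the rule shape
// proposed in this issue. None of these names are BlueLibs APIs.
type Op = "find" | "edit" | "create" | "delete";
type Doc = { [field: string]: unknown };
// `true` = unrestricted; object = restricted by ownership and/or a field allow-list.
type Rule = true | { own?: string; fields?: string[] };
type RoleRules = { [O in Op]?: Rule };
type Security = { [role: string]: RoleRules };
interface User { _id: string; roles: string[] }

function ruleAllows(rule: Rule | undefined, user: User, doc: Doc, touched: string[]): boolean {
  if (rule === undefined) return false; // operation not listed for this role: deny
  if (rule === true) return true;
  if (rule.own !== undefined && doc[rule.own] !== user._id) return false; // not the owner
  if (rule.fields !== undefined) {
    for (const f of touched) {
      if (rule.fields.indexOf(f) === -1) return false; // field outside the allow-list
    }
  }
  return true;
}

// Deny by default; access is granted as soon as one of the user's roles allows it.
function can(security: Security, user: User, op: Op, doc: Doc, touched: string[] = []): boolean {
  for (const role of user.roles) {
    if (!Object.prototype.hasOwnProperty.call(security, role)) continue; // skip unknown/inherited keys
    if (ruleAllows(security[role][op], user, doc, touched)) return true;
  }
  return false;
}

// Constructed sample: admins can do everything; users can see every post
// but can only create, edit or delete their own, and only the listed fields.
const postSecurity: Security = {
  ADMIN: { find: true, edit: true, create: true, delete: true },
  USER: {
    find: true,
    create: { own: "userId", fields: ["title", "body", "userId"] },
    edit: { own: "userId", fields: ["title", "body"] },
    delete: { own: "userId" },
  },
};
const alice: User = { _id: "u1", roles: ["USER"] };
const bobsPost: Doc = { _id: "p2", userId: "u2", title: "hi" };
const aliceCanEditBobs = can(postSecurity, alice, "edit", bobsPost, ["title"]); // false
```

Passing the list of touched fields separately lets the same rule reject an owner who tries to reassign `userId` on edit while still allowing it on create.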