(core) add some row-level access control
Summary: This implements a form of row-level access control where for a given table, you may specify that only owners have access to rows for which a given column has falsy values. For simplicity:

* Only owners may edit that table.
* Non-owners with the document open will have forced reloads whenever the table is modified.

Baby steps...

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2633
Showing 4 changed files with 214 additions and 28 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/** | ||
* All possible access clauses. There aren't all that many yet. | ||
* In future the clauses will become more generalized, and start specifying | ||
* the principle / properties of the user to which they apply. | ||
*/ | ||
export type GranularAccessClause = | ||
GranularAccessDocClause | | ||
GranularAccessTableClause | | ||
GranularAccessRowClause; | ||
|
||
/** | ||
* A clause that forbids anyone but owners from modifying the document structure. | ||
*/ | ||
export interface GranularAccessDocClause { | ||
kind: 'doc'; | ||
rule: 'only-owner-can-modify-structure'; | ||
} | ||
|
||
/** | ||
* A clause that forbids anyone but owners from accessing a particular table. | ||
*/ | ||
export interface GranularAccessTableClause { | ||
kind: 'table'; | ||
tableId: string; | ||
rule: 'only-owner-can-access'; | ||
} | ||
|
||
/** | ||
* A clause that forbids anyone but owners from editing a particular table | ||
* or viewing rows for which the named column contains a falsy value. | ||
*/ | ||
export interface GranularAccessRowClause { | ||
kind: 'row'; | ||
tableId: string; | ||
colId: string; | ||
rule: 'only-owner-can-edit-table-and-access-all-rows'; | ||
} |
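Review bot: In GranularAccessRowClause, the doc comment says non-owners cannot view rows where the named column holds a "falsy" value, but neither the comment nor the type says which values count as falsy (0, empty string, false, null) or what happens when colId does not name a column of tableId, for example after the column is renamed or removed. Because this field decides row visibility, both should be spelled out here, and the missing-column case should be documented as hiding rows from non-owners rather than showing all of them. The rule literal 'only-owner-can-edit-table-and-access-all-rows' also ties two separate restrictions (editing the table, seeing every row) to one value; the comment should say that they cannot be applied independently. Minor: in the comment on GranularAccessClause, "principle" should read "principal".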