How do I make a permission group that only gives the User acess to a resource "profiles" that has the same username as the user

[Toasterson]

So I have two documents, user (which I use the admin Collection for) and profile. I would like to limit the users capability to only be able to update profiles which have username that is the same as the users username. How do I write a resource name that does that?

[ecton]

Currently, there isn't a way to execute any logic on the contents of documents to determine whether or not permissions should be applied. It's an interesting idea, and I'll try to brainstorm how this might be doable in the future.

Today, there are two approaches i can suggest:

• Create a separate group for each user with a list of whatever documents are theirs to edit. This seems like a lot of work, and it makes me think that the User object should be able to have an inline permissions set to avoid needing user-specific roles for this type of configuration.
• Lock the collection down, and use a connection with elevated permissions to do the document update after verifying the user is editing a document they should be allowed to.

Apologies I don't have a great answer that works today for your setup!

[Toasterson]

Hi @ecton thanks for the reply. Yes ABAC is a nice feature to have I have now found the entries in the book where I can at least make the entries via the user_id at the moment. I can easily enough use the document id for that at the moment, since the list is going to be static and I can make groups for the shared resources the user should have access too.