DOCSP-35175 Refresh permissions when custom user data changes #796
Conversation
✅ Deploy Preview for app-services ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
samuel-ping
left a comment
samuel-ping
left a comment
There was a problem hiding this comment.
This is looking really good so far! I think I wasn't completely clear when explaining some things to you, that's definitely on me- the comments I left should address those.
I think an overarching idea is that on their own, custom user data documents don't do anything. They are just extra fields of information you can store for a user. You can reference custom user data in your roles, and the way your roles are set up will determine the permissions for a user.
Let me know if you have any more questions about anything!
source/users/custom-metadata.txt
Outdated
| "user_id": "63ed2dbe5960df2af7fd216e" | ||
| } | ||
|
|
||
| Unsetting the non-ID field allows App Services to remove the employee's |
There was a problem hiding this comment.
There's a slight detail where if you delete the document instead of unsetting the field, we just won't automatically update the employee's permissions. The permissions would still be updated if the end user closes and re-opens their app, for example.
Also, deleting the custom user data document doesn't necessarily mean that the employee's permissions are removed, as they could still have some permissions if the developer has a role set up with an empty apply_when expression as a catch-all.
source/users/custom-metadata.txt
Outdated
| standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB | ||
| driver, or MongoDB Compass. | ||
|
|
||
| Modify User Permissions in Custom User Data Documents |
There was a problem hiding this comment.
I think a more apt title might be along the lines of "Best Custom User Data Practices for Automatic Refreshing Permissions"
Reason being, I feel like the current title gives the idea that custom user data documents alone can set permissions, when in reality its all dependent on the roles the developer has set up.
There was a problem hiding this comment.
Simplified to Permissions and Custom User Data. I can workshop the title with copy reviewer, thanks!
samuel-ping
left a comment
samuel-ping
left a comment
There was a problem hiding this comment.
Also I know I provided you with the current example, but I actually think it would make sense to simplify the example to just the example provided in the Jira ticket. So for example with the following custom user data document:
{
"_id": "63ed2erealobjectid78e526",
"user_id": "63ed2dbe5960df2af7fd216e",
"canRead": true,
"canWrite": true,
}
If you wanted to remove this user's document and have the resulting permissions be automatically reflected for the user's sessions, you should first unset all of their non-ID fields. After that change, the above document would become:
{
"_id": "63ed2erealobjectid78e526",
"user_id": "63ed2dbe5960df2af7fd216e",
}
and the user's permissions will automatically refresh according to the roles. After that you can safely delete the custom user data document if you wish.
✅ Deploy Preview for app-services ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
samuel-ping
left a comment
samuel-ping
left a comment
There was a problem hiding this comment.
Everything looks good technically! I just left a couple of super nitpicky optional nitpicks, but I'll leave it up to you to decide whether you want to make the changes.
cbullinger
left a comment
cbullinger
left a comment
There was a problem hiding this comment.
one suggestion, but otherwise lgtm!
source/users/custom-metadata.txt
Outdated
| standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB | ||
| driver, or MongoDB Compass. | ||
|
|
||
| Permissions and Custom User Data |
There was a problem hiding this comment.
| Permissions and Custom User Data | |
| Refresh User Permissions for Custom User Data |
can't think of a better wording, but this is more about refreshing permissions, right?
|
✨ Staging URL: https://preview-mongodbmongodb.gatsbyjs.io/atlas-app-services/master/ 🪵 Logs |
4 participants
Pull Request Info
Jira ticket: https://jira.mongodb.org/browse/DOCSP-35175
Reminder Checklist
Before merging your PR, make sure to check a few things.
Release Notes
Authenticate and Manage Users
Review Guidelines
REVIEWING.md