Merged
16 changes: 8 additions & 8 deletions blog/saas-backend/index.md
Expand Up @@ -69,14 +69,14 @@ Let’s take a look at all the permissions of the Post and how they could be exp

the owner must be set to the current user, and the organization must be set to one that the current user belongs to.
```tsx
@@allow('create', owner == auth() && org.members?[this == auth()])
@@allow('create', owner == auth() && org.members?[id == auth().id])
```
- Update

only the owner can update it and is not allowed to change the organization or owner

```tsx
@@allow('update', owner == auth() && org.future().members?[this == auth()] && future().owner == owner)
@@allow('update', owner == auth() && org.future().members?[id == auth().id] && future().owner == owner)
```
- Read

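Review bot: the sentence above the update rule says the owner "is not allowed to change the organization or owner", but the rule `@@allow('update', owner == auth() && org.future().members?[id == auth().id] && future().owner == owner)` only pins the owner; the organization part merely requires that the user be a member of the post-update organization, so a user who belongs to several organizations can still move a post between them. Either tighten the rule with a `future()` comparison on the organization reference, mirroring `future().owner == owner`, or soften the prose to say the post may only be moved to an organization the user belongs to. Since this hunk is also the first place `this == auth()` becomes `id == auth().id`, a sentence explaining why the comparison is made on the `id` field would help readers who copied the earlier form.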
Expand All @@ -86,7 +86,7 @@ the owner must be set to the current user, and the organization must be set to o
```
- allow the member of the organization to read it if it’s public
```tsx
@@allow('read', isPublic && org.members?[this == auth()])
@@allow('read', isPublic && org.members?[id == auth().id])
```
- allow the group members to read it
```tsx
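Review bot: the bullet text above `@@allow('read', isPublic && org.members?[id == auth().id])` reads "allow the member of the organization to read it if it's public" and should say "allow members of the organization". The rule itself is consistent with the same read rule in the consolidated `organizationBaseEntity` model later in the post; it is worth stating in the prose that `isPublic` on its own does not make a post readable, since the rule still requires organization membership, so "public" here means public within the organization rather than world-readable.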
Expand Down Expand Up @@ -117,15 +117,15 @@ abstract model organizationBaseEntity {
groups Group[]

// when create, owner must be set to current user, and user must be in the organization
@@allow('create', owner == auth() && org.members?[this == auth()])
@@allow('create', owner == auth() && org.members?[id == auth().id])
// only the owner can update it and is not allowed to change the owner
@@allow('update', owner == auth() && org.members?[this == auth()] && future().owner == owner)
@@allow('update', owner == auth() && org.members?[id == auth().id] && future().owner == owner)
// allow owner to read
@@allow('read', owner == auth())
// allow shared group members to read it
@@allow('read', groups?[users?[this == auth()]])
@@allow('read', groups?[users?[id == auth().id]])
// allow organization to access if public
@@allow('read', isPublic && org.members?[this == auth()])
@@allow('read', isPublic && org.members?[id == auth().id])
// can not be read if deleted
@@deny('all', isDeleted == true)
}
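Review bot: the update rule in this model, `@@allow('update', owner == auth() && org.members?[id == auth().id] && future().owner == owner)`, checks membership against `org.members`, while the per-permission walkthrough earlier in the post writes the same rule with `org.future().members?[id == auth().id]`; the two versions disagree on whether membership is evaluated against the current or the post-update organization, so one should be aligned with the other (only the `future()` variant constrains the organization a post is moved to). Also, the comment `// can not be read if deleted` sits above `@@deny('all', isDeleted == true)`, which denies every operation rather than just reads; "cannot be accessed once deleted" would describe it accurately.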
Expand All @@ -152,7 +152,7 @@ model ToDo extends organizationBaseEntity {
All the multi-tenant, soft delete and sharing features will just work automatically. Additionally, if any specialized access control logic is required for **`ToDo`**, such as allowing shared individuals to update it, you can effortlessly add the corresponding policy rule within the **`ToDo`** model without concerns about breaking existing functionality:

```tsx
@@allow('update', groups?[users?[this== auth()]] )
@@allow('update', groups?[users?[id == auth().id]] )
```

## How much Typescript/JavaScript code do I need to write
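Review bot: drop the stray space before the closing parenthesis in `@@allow('update', groups?[users?[id == auth().id]] )` so the spacing matches the other policy lines in the post. The prose describes this as "allowing shared individuals to update it", which is accurate: the rule grants update to every user of any group the item is shared with, and, as the surrounding sentence implies, it is added alongside the owner-only update rule inherited from `organizationBaseEntity` rather than replacing it, so both the owner and group members can update a `ToDo`.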