Searching in the source code of acebase-server I see that it is planned to introduce new variables in rules adding to the currently implemented `now` and `auth`.

After reasoning a while on how to implement access on the database based on user groups it occurred to me that there are two main ways to do it:

Either those other variables get implemented, giving the ability to search on the database to authorize the requests.

Or it is made possible to give less stringent permissions on the `__auth__` database. Currently all non-admin access is denied, while it may be better to deny it by default, while allowing other explicit rules in `rules.json` to change this behavior (one could write a rule that allows everyone to access username, displayName but not email nor the password field; moreover one could write a rule that allows the user to modify other fields but not e.g. a custom `groups` field which would get implemented server-side).

What do you think?
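As an added illustration of the second option in the post above (not code from the post, and not acebase-server's rules engine or its `rules.json` syntax): a deny-by-default check in which explicit per-field rules open up individual fields. The `accounts/$uid/...` layout, the `isAdmin` flag and every function name here are assumptions.

```javascript
// Added example: hypothetical deny-by-default rule check, not acebase-server code.
// Rule paths, record layout and the isAdmin flag are assumptions for illustration.
const isSelf = (auth, vars) => auth !== null && auth.uid === vars.uid;

const RULES = [
  { path: 'accounts/$uid/username',    read: () => true, write: isSelf },
  { path: 'accounts/$uid/displayName', read: () => true, write: isSelf },
  { path: 'accounts/$uid/email',       read: isSelf,     write: isSelf },
  { path: 'accounts/$uid/groups',      read: isSelf },  // no write rule: set server-side only
  // No rule at all for accounts/$uid/password: only an admin can reach it.
];

// Match a concrete path against a rule path; "$name" segments capture a value.
// Lengths must be equal, so a rule on a field never grants access to its parent
// record (reading the parent would also return the unlisted password field).
function matchPath(rulePath, path) {
  const r = rulePath.split('/');
  const p = path.split('/');
  if (r.length !== p.length) return null;
  const vars = {};
  for (let i = 0; i < r.length; i++) {
    if (r[i].startsWith('$')) vars[r[i].slice(1)] = p[i];
    else if (r[i] !== p[i]) return null;
  }
  return vars;
}

// Admins keep full access; everyone else needs an explicit rule that returns true.
function isAllowed(auth, op, path) {
  if (op !== 'read' && op !== 'write') return false;
  if (auth !== null && auth.isAdmin === true) return true;
  for (const rule of RULES) {
    const vars = matchPath(rule.path, path);
    if (vars !== null && typeof rule[op] === 'function') {
      return rule[op](auth, vars) === true;
    }
  }
  return false; // default deny: unmatched path, or no rule for this operation
}
```
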