@startupjs/sharedb-access
Installation
- Install npm:
npm install @startupjs/sharedb-access
- Install yarn:
yarn add @startupjs/sharedb-access
Usage
const shareDbAccess = require('sharedb-access')
new shareDbAccess(backend[, options])
Parameters
backend
- your ShareDB backend instanceoptions
(optional) - object with options:
options.dontUseOldDocs
: false - if true don't save unupdated docs for update actionoptions.opCreatorUserIdPath
- path to 'userId' for op's meta
Using sharedb-access
you can control create
, read
, update
, and delete
database operation for every collection. You can use two types of rules:
allow
and deny
. By default all the operations are denied. So, you should
add some rules to allow them. If at least one allow
-rule allows the write, and
no deny
-rules deny the write, then the write is allowed to proceed.
You can call allow
and deny
-rules as many times as you like. The functions
should return true
if they think the operation should be allowed for allow
rules and denied for deny
-rules. Otherwise they should return false
, or
nothing at all (undefined
).
Create
backend.allowCreate('items', async (docId, doc, session) => {
return true
})
backend.denyCreate('items', async (docId, doc, session) => {
return !session.isAdmin
})
backend.allowCreate('items', async (docId, doc, session) => {
return session.isAdmin
})
Read
Interface is like create
-operation
backend.allowRead('items', async (docId, doc, session) => {
return true
})
backend.denyRead('items', async (docId, doc, session) => {
return doc.ownerId !== session.userId
})
Delete
Interface is like create
-operation
backend.allowDelete('items', async (docId, doc, session) => {
return doc.ownerId === session.userId
})
backend.denyDelete('items', async (docId, doc, session) => {
return doc.type === 'liveForever'
})
Update
const allowUpdateAll = async (docId, oldDoc, newDoc, ops, session) => {
return true
}
backend.allowUpdate('items', allowUpdateAll);
MIT License 2020