Note

If you use nodejs that doesn't support async/await you need sharedb-access@3.0.0

Installation

Install: npm install sharedb-access

Usage

const shareDbAccess = require ( 'sharedb-access' ) shareDbAccess(backend)

Using sharedb-access you can control create , read , update , and delete database operation for every collection. You can use two types of rules: allow and deny . By default all the operations are denied. So, you should add some rules to allow them. If at least one allow -rule allows the write, and no deny -rules deny the write, then the write is allowed to proceed.

You can call allow and deny -rules as many times as you like. The functions should return true if they think the operation should be allowed for allow rules and denied for deny -rules. Otherwise they should return false , or nothing at all ( undefined ).

Create

backend.allowCreate( 'items' , async (docId, doc, session) => { return true }) backend.denyCreate( 'items' , async (docId, doc, session) => { return !session.isAdmin }) backend.allowCreate( 'items' , async (docId, doc, session) => { return session.isAdmin })

Read

Interface is like create -operation

backend.allowRead( 'items' , async (docId, doc, session) => { return true }) backend.denyRead( 'items' , async (docId, doc, session) => { return doc.ownerId !== session.userId })

Delete

Interface is like create -operation

backend.allowDelete( 'items' , async (docId, doc, session) => { return doc.ownerId === session.userId }) backend.denyDelete( 'items' , async (docId, doc, session) => { return doc.type === 'liveForever' })

const allowUpdateAll = async (docId, oldDoc, newDoc, ops, session) => { return true } backend.allowUpdate( 'items' , allowUpdateAll);

MIT License 2017 by Artur Zayats