You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the present auth system, roles inform who can perform certain operations (ie read, insert, update, delete) on data in your collection definitions under permissions.
The schema object is not aware of your app's defined role definitions, so the keys under your permissions are typed as strings. This may be frustrating if you delete or edit a role name, as you won't have an indicator in your permissions that the role no longer exists.
Role definitions also can define wildcards which can be used in the permissions filter ([['owner', '=', '$role.userId']]). Similarly this is just typed as a string, so editing the structure of your role and the wildcards will not "break" your permission definitions.
Possible improvements
Typescript's generics provide a nice format for passing data into a type, which might be passed into Models<..., R extends Roles>.
Helper functions could be used for accessing wildcards. You could define something like (pseudocode) const roleVars = RoleVars<R extends Roles>(roles) and roleVars('user').userId and [['owner', '=', roleVars('user').userId]]. A helper like that could be typesafe and also be simpler to write than our variables syntax.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Current
With the present auth system,
roles
inform who can perform certain operations (ie read, insert, update, delete) on data in your collection definitions underpermissions
.These are two separate structures:
The
schema
object is not aware of your app's defined role definitions, so the keys under yourpermissions
are typed as strings. This may be frustrating if you delete or edit a role name, as you won't have an indicator in your permissions that the role no longer exists.Role definitions also can define wildcards which can be used in the permissions filter (
[['owner', '=', '$role.userId']]
). Similarly this is just typed as a string, so editing the structure of your role and the wildcards will not "break" your permission definitions.Possible improvements
Models<..., R extends Roles>
.const roleVars = RoleVars<R extends Roles>(roles)
androleVars('user').userId
and[['owner', '=', roleVars('user').userId]]
. A helper like that could be typesafe and also be simpler to write than our variables syntax.Beta Was this translation helpful? Give feedback.
All reactions