Permissions 🔑

Control under which conditions users can access which objects.

In Stackprint you can configure permissions to control which users have access to which objects. Permissions are specified as rules in the API configuration:

{% c-block language="yaml" %}
resources:
  - name: Note
    path: notes
    schema:
      ...
    auth:
      rules:
        [ permission rules go here ]
{% c-block-end %}

Permission Rules

Permission rules specify under which condition a user is granted which operations on an object. They contain the following fields:

allow (enum)

Allowed values:  user | organisation | authenticated | admin | public

The identity field that the permission rule is based on. This can be the user identifier, the organisation, or a flag indicating whether the user is authenticated or an admin user. The public flag can be used to grant access to everyone without the need for authentication.

in (string)

The object field whose value is compared with the value of the previously specified identity field. If the values match, the condition of the rule is met. Only required if allow is either 'user' or 'organisation'.

operations (array | 'all')

Allowed values in array: create | read | update | delete

When the rule's condition is met for an object, a user will be allowed to perform the operations specified here.

Examples

Grant a user access to his personal notes

{% c-block language="yaml" %}
resources:
  - name: Note
    path: notes
    schema:
      properties:
        author:
          type: string
        ...
    auth:
      rules:
        - allow: user
          in: author
          operations: all
{% c-block-end %}

Grant members of a user's organisation read access to all notes, only the author has write access

{% c-block language="yaml" %}
resources:
  - name: Note
    path: notes
    schema:
      properties:
        author:
          type: string
        org:
          type: string
        ...
    auth:
      rules:
        - allow: organisation
          in: org
          operations:
            - read
        - allow: user
          in: author
          operations: all
{% c-block-end %}

Grant all authenticated users read access to all notes, only the author has write access

{% c-block language="yaml" %}
resources:
  - name: Note
    path: notes
    schema:
      properties:
        author:
          type: string
        org:
          type: string
        ...
    auth:
      rules:
        - allow: authenticated
          operations:
            - read
        - allow: user
          in: author
          operations: all
{% c-block-end %}

Grant public read access to all notes, only the author has write access

{% c-block language="yaml" %}
resources:
  - name: Note
    path: notes
    schema:
      properties:
        author:
          type: string
        org:
          type: string
        ...
    auth:
      rules:
        - allow: public
          operations:
            - read
        - allow: user
          in: author
          operations: all
{% c-block-end %}
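
A small Python model of how the rule fields described above combine, added here as an illustration; it is not Stackprint's own code. It assumes that rules are additive (any matching rule grants the operation), that access is denied when no rule matches, and that an anonymous caller can only match 'public' rules. The Identity class, the function names and the sample note are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ALL_OPS = {"create", "read", "update", "delete"}

@dataclass
class Identity:  # hypothetical shape of the caller's identity
    user: Optional[str] = None
    organisation: Optional[str] = None
    admin: bool = False

def rule_matches(rule, identity, obj):
    allow = rule["allow"]
    if allow == "public":
        return True
    if identity is None:  # anonymous caller: only 'public' rules can match
        return False
    if allow == "authenticated":
        return True
    if allow == "admin":
        return identity.admin
    if allow in ("user", "organisation"):
        mine, theirs = getattr(identity, allow), obj.get(rule["in"])
        # An unset value on either side must never count as a match.
        return mine is not None and mine == theirs
    raise ValueError(f"unknown allow value: {allow!r}")

def is_allowed(rules, identity, obj, operation):
    if operation not in ALL_OPS:
        raise ValueError(f"unknown operation: {operation!r}")
    for rule in rules:
        ops = ALL_OPS if rule["operations"] == "all" else set(rule["operations"])
        if operation in ops and rule_matches(rule, identity, obj):
            return True
    return False  # assumed default: no matching rule means no access

# The organisation-read and public-read rule sets from the page, as Python data.
ORG_RULES = [
    {"allow": "organisation", "in": "org", "operations": ["read"]},
    {"allow": "user", "in": "author", "operations": "all"},
]
PUBLIC_RULES = [
    {"allow": "public", "operations": ["read"]},
    {"allow": "user", "in": "author", "operations": "all"},
]
NOTE = {"author": "alice", "org": "acme", "text": "constructed sample"}
ALICE = Identity(user="alice", organisation="acme")
BOB = Identity(user="bob", organisation="acme")
EVE = Identity(user="eve", organisation="other")
```

Running a rule set through a model like this before deploying it makes it easy to check that a broad rule such as 'public' or 'authenticated' only carries the operations intended.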
