WritePermission based on field value

Hi there.

I’m trying to figure out the best way to apply write permission to a collection.
Say I have a collection ‘CarAd’:
I use the partition ‘car=public’, and everyone has read-rights because I want everyone to be able to see my CarAd.
I don’t want anyone but the creator of the CarAd to be able to edit the data…
I’ve tried toying around with triggers and functions, but have not been successful.

So my question is:
Is there any way to determine if a user has write-rights based on another field value - say ‘creator_id’ or such?

I realize that I could create two collection types with different names, and use a trigger to copy inserted objects into the public realm, but I would like to avoid the redundancy and it just seems wrong somehow.

Hope this makes sense

I think I found the answer here (or at least a solution that will do):

I’ll accept redundancy, and copy the object to the public realm with a new id. When updating the object, I’ll use a trigger to update the object in the public realm.

For your sync write permissions, you can specify a function like this:

{
  "%%true": {
    "%function": {
      "arguments": [
        "%%partition"
      ],
      "name": "canWritePartition"
    }
  }
}

and then in canWritePartition you can access the requesting user from context.user.

If you set the partition value to “car=123456789” then the function can get to the car’s ID like this:

// Expect a partition value of the form "car=<id>"
let carID;
const splitPartition = partition.split("=");
if (splitPartition.length === 2) {
    carID = splitPartition[1];
} else {
    console.log(`Couldn't extract the partition key/value from ${partition}`);
    return false;
}

You can then fetch the document for the car and check whether it’s owned by this user.
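
The ownership check described in this answer, written out as an added example (not code from the original post or from MongoDB). It denies by default on a malformed partition, a missing car, or a lookup error. Assumptions: database "ads", collection "CarAd", owner field "creator_id", string `_id` values, linked service name "mongodb-atlas", and an ownership record that already exists when the first write is attempted.

```javascript
// Added example. Assumed names: database "ads", collection "CarAd", owner field
// "creator_id", string _id values, linked service "mongodb-atlas".

// Strictly parse "car=<id>"; anything else yields null so the caller denies.
function parseCarPartition(partition) {
  if (typeof partition !== "string") return null;
  const parts = partition.split("=");
  if (parts.length !== 2 || parts[0] !== "car" || parts[1] === "") return null;
  return parts[1];
}

// In a Realm function `context` is a global and this would be assigned to
// `exports`; it is a parameter here so the example runs outside Realm.
async function canWritePartition(partition, context) {
  const carID = parseCarPartition(partition);
  if (carID === null) {
    console.log(`Couldn't extract the partition key/value from ${partition}`);
    return false;
  }
  if (carID === "public") return false; // shared partition stays read-only
  try {
    const cars = context.services.get("mongodb-atlas").db("ads").collection("CarAd");
    const car = await cars.findOne({ _id: carID });
    // Deny when the car does not exist or has no owner recorded.
    if (!car || typeof car.creator_id !== "string") return false;
    return car.creator_id === context.user.id;
  } catch (err) {
    console.log(`Ownership lookup failed: ${err}`);
    return false; // fail closed on any lookup error
  }
}

// Constructed stand-in for the Realm context, for running locally.
function mockContext(userId, docs) {
  const collection = { findOne: async (q) => docs.find((d) => d._id === q._id) || null };
  return {
    user: { id: userId },
    services: { get: () => ({ db: () => ({ collection: () => collection }) }) },
  };
}
```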