-
Notifications
You must be signed in to change notification settings - Fork 3
/
schema.toml
116 lines (100 loc) · 3.07 KB
/
schema.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
[collections.settings]
indexes = [
"reader",
"creator",
"reader_creator"
]
[collections.events]
indexes = [
"reader",
"creator",
"reader_creator",
"reader_ref"
]
[collections.exchange]
indexes = [
"channel",
"channel_creator_expires_id_watcher_client"
]
[groups.authenticated.rules.client_read]
template = "collection('exchange').anyRead({channel: any()})"
[groups.authenticated.rules.owner_read]
template = "collection('exchange').anyRead()"
validator = """
// only the owner of the document
(context, value) => {
return context.data.key === value.creator
}
"""
[groups.authenticated.rules.create_exchange]
template = "collection('exchange').anyWrite()"
validator = """
// exchange must be of the form
// {channel: string, creator: string, watcher: string, expires: string }
(context, oldValue, newValue) => {
return !oldValue && newValue
&& newValue.hasOwnProperty('channel')
&& typeof newValue.channel === 'string'
&& newValue.channel.length === 16
&& newValue.hasOwnProperty('creator')
&& newValue.hasOwnProperty('expires')
&& Object.keys(newValue).length === 4
}
"""
[groups.authenticated.rules.add_client]
template = "collection('exchange').anyWrite()"
validator = """
(context, oldValue, newValue) => {
return newValue && oldValue
&& newValue.hasOwnProperty('client')
&& newValue.channel === oldValue.channel
&& newValue.creator === oldValue.creator
&& newValue.watcher === oldValue.watcher
&& newValue.expires === oldValue.expires
&& newValue.id === oldValue.id
&& Object.keys(newValue).length === 7
}
"""
[groups.authenticated.rules.renew_or_delete_exchange]
template = "collection('exchange').anyWrite()"
validator = """
// only the owner of the document can replace it
(context, oldValue, newValue) => {
return !!oldValue && context.data.key === oldValue.creator
}
"""
[groups.admin]
[groups.admin.rules.carte_blanche]
template = "any()"
[groups.authenticated.rules.user_read]
template = "collection('users').find({id: userId()})"
[groups.authenticated.rules.user_update]
template = "collection('users').anyWrite({id: userId()})"
[groups.authenticated.rules.settings_read]
template = "collection('settings').anyRead()"
validator = """
(user, doc) => {
return user.data
&& [doc.creator, doc.reader].indexOf(user.data.key) > -1
}
"""
[groups.authenticated.rules.settings_write]
template = "collection('settings').anyWrite()"
validator = """
(user, oldDoc, newDoc) => {
if (!user.data)
return false
cond = []
if (oldDoc)
cond.push([oldDoc.creator, oldDoc.reader].indexOf(user.data.key) > -1)
if (newDoc)
cond.push([newDoc.creator, newDoc.reader].indexOf(user.data.key) > -1)
return cond.reduce((prev, cur) => {
return prev && cur
})
}
"""
[groups.authenticated.rules.events_read]
template = "collection('events').anyRead({creator: any(), reader: userId(), content: any()})"
[groups.authenticated.rules.events_write]
template = "collection('events').anyWrite({creator: userId(), reader: any(), content: any()})"