permissions.polar
######## Permissions #######
# Each allow(actor, action, resource) rule grants access when its head matches
# the query and its body (if it has one) succeeds. Rules are additive: a request
# is permitted if any single rule matches.
### Everyone can getHello
# The actor has no type specializer, so any actor value matches this rule.
allow(_user, "getHello", "App");
# Logged in users have all model-level document permissions
# The resource is the string "Document", not a Document instance, and the action
# is a wildcard: every action name passes this check for an actor of type User.
# NOTE(review): this rule says nothing about an individual document; confirm that
# callers also run the instance-level rules below before returning document data.
allow(_user: User, _, "Document");
# Anyone has the potential to read documents
# Neither actor nor type is constrained here, so this check passes for any actor.
# The per-document restriction is expressed only by the instance-level rules.
allow(_, "read", "Document");
# But guests can only read public docs
# This rule matches the literal action "read" only; it does not go through
# document_actions, so "findOne" and "findAll" are not granted to guests here.
# role/3 is not defined in this part of the file; its semantics live elsewhere.
allow(user, "read", document: Document) if
role(user, "guest", document)
and not members_only(document);
# Documents are members only if the membersOnly flag is set
# NOTE(review): `not members_only(document)` succeeds whenever this rule yields
# no result, so a document whose membersOnly value is false or absent is treated
# as public. Confirm every document carries an explicit membersOnly value and
# that the data-side default is the restrictive one.
members_only(document: Document) if document.membersOnly;
# Members can read + update
# The requested action is translated to a permission name by document_actions,
# and only actions that map to "read" or "update" are accepted. An action with
# no mapping (for example "delete" or "create") never matches this rule.
# There is no members_only check here, so members also read members-only docs.
allow(user, action, document: Document) if
role(user, "member", document)
and document_actions(action, permission)
and permission in ["read", "update"];
# Can create if they are the document owner and
# they are at least a member of the project
# `document` has no type specializer, so any resource value that exposes
# owner.id and project can match this rule.
# NOTE(review): owner.id and project are read from the object handed to the
# policy. If that object is built from request data, confirm the same object
# (same owner, same project) is what gets persisted after the check passes.
# NOTE(review): "at least a member" depends on role/3, defined elsewhere,
# treating higher roles as satisfying "member" - confirm.
allow(user: User, "create", document) if
document.owner.id = user.id
and role(user, "member", document.project);
# Owners can delete
# Requires an actor of type User and a Document instance. "owner" here is the
# role checked through role/3, which is a separate test from the
# document.owner.id comparison used by the create rule.
# NOTE(review): no rule visible in this file grants read or update to the
# "owner" role directly; presumably role/3 lets an owner satisfy "member" - confirm.
allow(user: User, "delete", document: Document) if
role(user, "owner", document);
####### Action mappings #######
# document_actions(action, permission) maps an application action name to the
# permission it requires. An action that is not listed maps to nothing, so any
# rule that relies on this mapping does not match it. A new action name
# therefore has to be added here before such a rule can grant it.
# Actions that need the "read" permission.
document_actions(action, "read") if
action in [
"findOne",
"findAll",
"read",
];
# Actions that need the "update" permission.
document_actions(action, "update") if
action in [
"edit",
];