March 30, 2014 vprakash@miegoapps.com

Permissions

HTML5
Every attempt to read or write (i.e. create, read, update or delete) an object is subject to a permissions check on the backend. This is set up at the API level where every object has an Object Access Policy (OAP) associated with it, effectively determining permissions for every user, on every object in the API.

Users, User Groups and Declarative Permissions

Most applications will be fine using the powerful declarative permissions capabilities of the NoServer framework. From a client-code perspective, this involves adding and removing groups and users in groups (see User Groups) that correspond to the PERMIT settings for your API.

Example: Using the declarative default OAP by adding users to groups

First, assume the OAP in the application.ffdl file is as follows:

PERMIT read:public write:creator.buddies ON /Foo

Now anything a user puts in the /Foo collection will be readable by all, but only writeable by himself and the users in his own “buddies” group.

To create and populate the buddies FFUserGroup, we might write

TODO – add HTML5/JS

Explicitly Setting Permissions From Your Client Code

There are times when you may want to explicitly set or change OAPs from client application code, on objects for which the user has modify permissions. OAPs can also be set by server extensions and event handlers. Unlike Default OAPs, setting or changing an OAP at runtime may only be done on an object-by-object basis. The FatFractal SDKs, including the HTML5/JS SDK, allow the developer to programmatically set or change read and write permissions on an object by group, by specific user or by a combination of the two. Methods are also provided to reset the default permission.

In the following example code, assume that we have

  • an object belonging to collection /Foo, with guid “xyz”
  • two arrays of FFUser objects, one called readUsers and one called writeUsers
  • two arrays of FFUserGroup objects, one called readGroups and one called writeGroups.

To set an OAP on an object foo, you would write the following code. Note that all four parameters of setPermissionOnObject are required, even if they are not set.

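var ff = require('ffef/FatFractal');
// the object whose OAP is being set, e.g. the /Foo object with guid "xyz"
var foo = ...;
// arrays of FFUser and FFUserGroup objects; all four must be passed, even if they are not set
var readUsers = [...], writeUsers = [...], readGroups = [...], writeGroups = [...];
ff.setPermissionOnObject(foo, readUsers, readGroups, writeUsers, writeGroups);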

Modifying System User Permissions From Your Client Code

NOTE on the ‘system’ user
Note that the ‘system’ user (which is, by default, the user under which server-side code executes its database interactions) will always have all permissions on every object in your app’s database.

To modify system-owned OAPs, you must be logged in as the system user from your client code. You can then add groups to the system user, or add users to those groups.

For example, assume that the application’s configuration file, application.ffdl, contains the following:

PERMIT read:system.Administrators write:system.SuperUsers ON /RegistrationRequests

var ff = require('ffef/FatFractal');
//
// get system user
var systemUser = ff.getObjFromUri("/FFUser/system");
//
// create "Administrators" and "SuperUsers" groups and add to system user
var admins = new ff.FFUserGroup({createdBy:systemUser.createdBy, groupName:'Administrators'});
var superusers = new ff.FFUserGroup({createdBy:systemUser.createdBy, groupName:'SuperUsers'});
//
// add users to groups
var user3 = ..., user4 = ..., ...;
admins.addUser(user3);
superusers.addUser(user4);
...
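
The two PERMIT lines on this page and the ‘system’ user rule, evaluated in a small model. This is an added example, not FatFractal code and not part of the original page: parsePermit, isAllowed, the user names and the group table are hypothetical, and the grammar covers only the PERMIT forms shown here. It assumes that a policy naming creator.X or system.X grants access to that owner and to members of the owner's group X only, and that a group which does not exist grants nothing.

```javascript
// Added illustration: a simplified model of declarative OAP checks.
// Not FatFractal code; the grammar covers only the PERMIT forms shown on this page.

// Parse "PERMIT read:<spec> write:<spec> ON /<Collection>" into a policy object.
function parsePermit(line) {
  const m = /^PERMIT\s+read:(\S+)\s+write:(\S+)\s+ON\s+(\/\S+)$/.exec(line.trim());
  if (!m) throw new Error('unsupported PERMIT line: ' + line);
  return { read: parseSpec(m[1]), write: parseSpec(m[2]), collection: m[3] };
}

// A spec is "public" or "<owner>.<groupName>", where owner is "creator" or "system".
function parseSpec(spec) {
  if (spec === 'public') return { kind: 'public' };
  const [owner, group, ...rest] = spec.split('.');
  if (!group || rest.length || !['creator', 'system'].includes(owner)) {
    throw new Error('unsupported spec: ' + spec);
  }
  return { kind: 'group', owner, group };
}

// groups: Map keyed "<ownerUserName>/<groupName>" -> Set of member user names.
function isAllowed(policy, action, userName, obj, groups) {
  if (userName === 'system') return true;            // system always has all permissions
  if (action !== 'read' && action !== 'write') return false;
  const spec = policy[action];
  if (spec.kind === 'public') return true;
  // Assumption: "creator" resolves to the user recorded on the object.
  const owner = spec.owner === 'creator' ? obj.createdBy : 'system';
  if (userName === owner) return true;               // the creator "himself"
  const members = groups.get(owner + '/' + spec.group);
  return !!members && members.has(userName);         // missing group: deny
}

// Constructed sample data (users, groups and objects are made up).
const groups = new Map([
  ['alice/buddies', new Set(['bob'])],
  ['system/Administrators', new Set(['carol'])],
]);
const fooPolicy = parsePermit('PERMIT read:public write:creator.buddies ON /Foo');
const regPolicy = parsePermit(
  'PERMIT read:system.Administrators write:system.SuperUsers ON /RegistrationRequests');
const foo = { guid: 'xyz', createdBy: 'alice' };
const req = { guid: 'r1', createdBy: 'dave' };

console.log('bob may write foo:', isAllowed(fooPolicy, 'write', 'bob', foo, groups));
console.log('carol may write req:', isAllowed(regPolicy, 'write', 'carol', req, groups));
```

In this model the SuperUsers group has not been created yet, so only the system user can write to /RegistrationRequests until the group exists and has members.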
