We always love to read what Cory Wiles has to say – check out his new blog post “11995 Minutes of Development“.
In case you have not seen his previous post about FatFractal, you can find it here.
As a Developer, I want to be able to implement access control policies that are inherited from another object so that I can easily propagate access control policies within my application.
If you want to set a default permission for objects in a collection that inherit permissions from another object, it is super easy using FFDL (what is FFDL?).
Say you have a Collection of JokeBook objects with permission defaults set and another Collection of Joke objects that have a reference to a JokeBook and you would like your Joke objects to inherit their default permissions from JokeBook objects. OK – short version is that I want the permissions for a Joke to be the same as the JokeBook they refer to.
The FFDL would look something like:
CREATE OBJECTTYPE JokeBook (title STRING, writers REFERENCE /FFUserGroup, readers REFERENCE /FFUserGroup)
CREATE COLLECTION /JokeBooks OBJECTTYPE JokeBook
PERMIT read:object.readers write:object.writers ON /JokeBooks
This defines a JokeBooks Collection that contains Jokebook Objects that have a title, a reference to an author, a reference to a group of users with write access named writers and a group of users with read access named readers.
CREATE OBJECTTYPE Joke (setup STRING, punchline STRING, book REFERENCE /JokeBook)
CREATE COLLECTION /Jokes OBJECTTYPE Joke
PERMIT read:object.book.readers write:object.book.writers ON /Jokes
This defines a Jokes Collection that contains Joke Objects which have a a reference called “book” from the JokeBooks Collection:
book REFERENCE /JokeBooksSo, you will notice that read and write permissions for a Joke object are set to refer to the read and write permissions (respectively) that are defined for the JokeBook object referred to by the “book” member.
PERMIT read:object.book.readers, write:object.book.writers ON /Jokes
Voila! Now the Joke object has the same permissions as the JokeBook object – as easy as that!
Of course, this is the default setting and you can always change the access to any particular object programmatically in your application code.
Hope you find this useful!!
For more details, see the FFDL documentation here.
To see the other things you can do with permissions see here.