How do I make a permission group that only gives the User acess to a resource "profiles" that has the same username as the user #265
-
So I have two documents, user (which I use the admin Collection for) and profile. I would like to limit the users capability to only be able to update profiles which have username that is the same as the users username. How do I write a resource name that does that? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Currently, there isn't a way to execute any logic on the contents of documents to determine whether or not permissions should be applied. It's an interesting idea, and I'll try to brainstorm how this might be doable in the future. Today, there are two approaches i can suggest:
Apologies I don't have a great answer that works today for your setup! |
Beta Was this translation helpful? Give feedback.
-
Hi @ecton thanks for the reply. Yes ABAC is a nice feature to have I have now found the entries in the book where I can at least make the entries via the user_id at the moment. I can easily enough use the document id for that at the moment, since the list is going to be static and I can make groups for the shared resources the user should have access too. |
Beta Was this translation helpful? Give feedback.
Currently, there isn't a way to execute any logic on the contents of documents to determine whether or not permissions should be applied. It's an interesting idea, and I'll try to brainstorm how this might be doable in the future.
Today, there are two approaches i can suggest: