Overview

Guide Lifecycle Services Translations Auxiliary Exceptions Roadmap Blog

API

AppError Collection Component Document Event EventCancelError Field Local Log MediaType Path Secure SecureError Timer Type Tyr Unit Units UnitConversionError UnitDegree UnitFactor UnitSystem UnitType UserError

Tyreant

Overview

Secure mixin, mixins Component

Secure is a mixin interface that Tyranid users can implement to secure Tyranid queries, updates, and REST endpoints.

Call Tyr.mixin(your class, Tyr.Secure) on your class to mix in the security functionality.

Register your Secure implementation with Tyranid by passing it into the Tyr.config() call.

permissions

By default Tyranid will use the following permissions automatically in its built-in methods.

permissions: {
    find:   'find',     // find*(), by*() methods
    insert: 'insert',   // insert(), save() when inserting, $insert() methods
    update: 'update',   // update(), save() when updating, $update() methods
    remove: 'remove'    // remove(), $remove() methods
  },

If you would like to override the default permissions (for example, to rename 'remove' to 'delete' or to collapse insert/update into an 'edit' permission) you can configure that using the permissions option on config.

AccessResult

This result is returned by checkAccess() and stored on Document's $access property.

OptionTypeNotes
{
allowed:booleanIndicates whether the end-user has query-level access to this document.
fields: {
effect:'allow' | 'deny'Indicates whether the following fields are specifically allowed or denied.
names:string[]An array of field names that are either to be allowed or denied.
}
reason?:stringContains any human-readable explanation for access denial.
}

instance

canInsert(collection: Collection,
document: Document | object,
perm: string,
authObj: any): boolean

If a Secure component is registered with Tyranid, Tyranid will invoke the canInsert() method to determine whether a document can be inserted into the given collection.

checkAccess(document: Document,
perm: string,
authObj: any),
opts: Options): AccessResult

If a Secure component is registered with Tyranid, Tyranid will invoke the checkAccess() method to populate the Document.$access object for later use by Document.$redact().

query(collection: Collection,
perm: string,
authObj: any): MongoDB query object

If a Secure component is registered with Tyranid, Tyranid will invoke the query() method to add additional restrictions to its find methods when working with data.