gristlabs_grist-core/app/common/GranularAccessClause.ts

/**
 * All possible access clauses.  There aren't all that many yet.
 * In future the clauses will become more generalized, and start specifying
 * the principle / properties of the user to which they apply.
 */
export type GranularAccessClause =
  GranularAccessDocClause |
  GranularAccessTableClause |
  GranularAccessRowClause;

/**
 * A clause that forbids anyone but owners from modifying the document structure.
 */
export interface GranularAccessDocClause {
  kind: 'doc';
  rule: 'only-owner-can-modify-structure';
}

/**
 * A clause that forbids anyone but owners from accessing a particular table.
 */
export interface GranularAccessTableClause {
  kind: 'table';
  tableId: string;
  rule: 'only-owner-can-access';
}

/**
 * A clause that forbids anyone but owners from editing a particular table
 * or viewing rows for which the named column contains a falsy value.
 */
export interface GranularAccessRowClause {
  kind: 'row';
  tableId: string;
  colId: string;
  rule: 'only-owner-can-edit-table-and-access-all-rows';
}
(core) add some row-level access control Summary: This implements a form of row-level access control where for a given table, you may specify that only owners have access to rows for which a given column has falsy values. For simplicity: * Only owners may edit that table. * Non-owners with the document open will have forced reloads whenever the table is modified. Baby steps... Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2633 2020-10-12 13:50:07 +00:00			`/**`
			`* All possible access clauses. There aren't all that many yet.`
			`* In future the clauses will become more generalized, and start specifying`
			`* the principle / properties of the user to which they apply.`
			`*/`
			`export type GranularAccessClause =`
			`GranularAccessDocClause \|`
			`GranularAccessTableClause \|`
			`GranularAccessRowClause;`

			`/**`
			`* A clause that forbids anyone but owners from modifying the document structure.`
			`*/`
			`export interface GranularAccessDocClause {`
			`kind: 'doc';`
			`rule: 'only-owner-can-modify-structure';`
			`}`

			`/**`
			`* A clause that forbids anyone but owners from accessing a particular table.`
			`*/`
			`export interface GranularAccessTableClause {`
			`kind: 'table';`
			`tableId: string;`
			`rule: 'only-owner-can-access';`
			`}`

			`/**`
			`* A clause that forbids anyone but owners from editing a particular table`
			`* or viewing rows for which the named column contains a falsy value.`
			`*/`
			`export interface GranularAccessRowClause {`
			`kind: 'row';`
			`tableId: string;`
			`colId: string;`
			`rule: 'only-owner-can-edit-table-and-access-all-rows';`
			`}`