Policy for owner-only record visibility


I am considering using Kinto to provide a storage backend for user-created/-managed data.

However, all examples I have seen in the docs only talk about "everyone can read" scenarios. In my case, each user should only see their own records, unless some are explicitly shared by others or made visible to everyone explicitly from the backend/admin side.

Is there an example of such a policy or an easy way to describe/add it to Kinto?

1

There are 1 answers

2
slav0nic On BEST ANSWER

All you need is to create a collection with this permission:

{
  "permissions": {
    "record:create": ["system.Authenticated"]
  }
}

and create a record.

Every user will see only the personal records which he created, so you must be authorized as alice to see records with {"permissions": {"write": ["account:alice"]}} in the ../records endpoint listing or to get them by id.
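
A small Python model of the rule described in the answer above, added here as an illustration; it is not part of the answer and not Kinto's own code. The `Collection` class, the `principals` helper and the sample record ids are hypothetical, and bucket-level inheritance, groups and HTTP status codes are left out. It also covers the sharing cases from the question by putting another account, or `system.Everyone`, in a record's `read` list.

```python
# Simplified model of owner-only record visibility; not Kinto's implementation.

def principals(user_id=None):
    """Principals a request carries; user_id is e.g. 'account:alice'."""
    found = {"system.Everyone"}
    if user_id:
        found |= {user_id, "system.Authenticated"}
    return found

class Collection:
    def __init__(self, permissions):
        self.permissions = {k: set(v) for k, v in permissions.items()}
        self.records = {}

    def _allowed(self, who, perms, *names):
        return any(who & perms.get(n, set()) for n in names)

    def create(self, user_id, record_id, data, permissions=None):
        who = principals(user_id)
        if not self._allowed(who, self.permissions, "record:create", "write"):
            raise PermissionError("record:create denied")
        perms = {k: set(v) for k, v in (permissions or {}).items()}
        perms.setdefault("write", set()).add(user_id)  # creator becomes owner
        self.records[record_id] = {"data": data, "permissions": perms}

    def list_records(self, user_id=None):
        who = principals(user_id)
        # read or write on the collection itself exposes every record in it
        if self._allowed(who, self.permissions, "read", "write"):
            return sorted(self.records)
        # otherwise only the records this caller can read or write are listed
        return sorted(rid for rid, rec in self.records.items()
                      if self._allowed(who, rec["permissions"], "read", "write"))

def demo():
    # Constructed sample data; the collection permissions are the answer's.
    notes = Collection({"record:create": ["system.Authenticated"]})
    notes.create("account:alice", "a1", {"t": "private"})
    notes.create("account:alice", "a2", {"t": "shared"}, {"read": ["account:bob"]})
    notes.create("account:bob", "b1", {"t": "public"}, {"read": ["system.Everyone"]})
    return {
        "alice": notes.list_records("account:alice"),
        "bob": notes.list_records("account:bob"),
        "anonymous": notes.list_records(),
    }
```

Granting `read` on the collection itself would switch the listing back to the "everyone can read" behaviour, so the collection should carry only `record:create`.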