SapphireDb

Update - Authentication/Authorization

You can use the [UpdateAuth] attribute to control whether a user is permitted to update the data of a collection.

Usage

The [UpdateAuth] attribute can be used on the model class and/or on specific fields/properties of the model.

Every auth attribute can be used in three ways:
  1. Without arguments ([UpdateAuth] alone): authentication is required.
  2. Policies: a comma-separated string of policy names. All policies have to succeed. Check out Policies for more details.
  3. Function name: you can optionally pass the name of a function in the class that returns a boolean. The function is executed to check whether the user is allowed to perform the action.
Multiple attributes: You can define multiple attributes for each model. Only one of the conditions defined by these attributes has to succeed.
Inheritance: If you define auth attributes on a base class, all subclasses inherit these attributes until custom attributes of the same type are defined in the subclasses.

The usage is the same as for the [QueryAuth] attribute. Check out the documentation for Query.

Demo

This small demo combines all auth mechanisms at once.
The model itself is marked as [Updatable]. That means that all fields of the model can be updated.
It also has the attribute [UpdateAuth]. As a result, only authenticated users who are verified by the policy requireUser can update properties of the model. The model has three properties that are only updatable under certain conditions:
1. RequiresUser: This property has no extra condition and is updatable when all requirements for the model are met.
2. CustomFunction: This property is marked with a custom function that checks whether it is updatable. It is only updatable when the property RequiresUser has the value Yes.
3. RequiresAdmin: This property is marked as only updatable when the policy requireAdmin is met. Only users in the role admin can update this value.

Angular (TypeScript):

```typescript
export class QueryAuthComponent implements OnInit {
    values$: Observable<any>;

    constructor(private db: SapphireDbService) {}

    ngOnInit() {
        // Subscribe to the values of the demo collection
        this.values$ = this.db.collection('AuthDemo.UpdateExamples').values();
    }

    update(collection$: Observable<DefaultCollection<any>>, value: any) {
        // Tries to update all three properties of the given value; the
        // [UpdateAuth] rules in Model.cs decide whether the update is allowed
        this.db.collection('AuthDemo.UpdateExamples').update([value, {
            requiresUser: 'No',
            customFunction: 'test 123',
            requiresAdmin: 'Updated'
        }]);
    }
}
```

Model.cs (Server, C#):

```csharp
[Updatable]
[UpdateAuth("requireUser")] // model level: policy requireUser has to succeed
public class UpdateExample : Base
{
    public string RequiresUser { get; set; }

    // Property level: updatable only if IsAllowed() returns true
    [UpdateAuth(functionName: nameof(IsAllowed))]
    public string CustomFunction { get; set; }

    private bool IsAllowed()
    {
        return RequiresUser == "Yes";
    }

    // Property level: policy requireAdmin has to succeed
    [UpdateAuth("requireAdmin")]
    public string RequiresAdmin { get; set; }
}
```

Startup.cs (Server, C#):

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // Policies referenced by name in the [UpdateAuth] attributes
    services.AddAuthorization(config =>
    {
        config.AddPolicy("requireAdmin", b => b.RequireRole("admin"));
        config.AddPolicy("requireUser", b => b.RequireRole("user"));
    });
}
```
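The combination rules from the Usage section, applied to a small set of models, as an added example that is not part of the SapphireDb documentation: stacked attributes are alternatives, comma-separated policies must all succeed, and a subclass's own [UpdateAuth] replaces the inherited one. The model names are hypothetical, Base and the policies requireUser and requireAdmin are the ones from the demo's Model.cs and Startup.cs, and the using namespace is an assumption.

```csharp
// Added example. Model names are hypothetical; Base, requireUser and
// requireAdmin come from the demo's Model.cs and Startup.cs.
using SapphireDb.Attributes; // assumed namespace of the auth attributes

// Subclasses without their own [UpdateAuth] inherit this rule.
[UpdateAuth("requireUser")]
public abstract class ProtectedBase : Base
{
}

// Inherits requireUser: no [UpdateAuth] is defined on this class.
[Updatable]
public class Note : ProtectedBase
{
    public string Text { get; set; }
}

// Pitfall: stacked attributes are alternatives. A caller who satisfies
// requireUser OR requireAdmin may update this model.
[Updatable]
[UpdateAuth("requireUser")]
[UpdateAuth("requireAdmin")]
public class InvoiceLoose : ProtectedBase
{
    public string Amount { get; set; }
}

// One attribute with a comma-separated list: requireUser AND requireAdmin
// both have to succeed.
[Updatable]
[UpdateAuth("requireUser,requireAdmin")]
public class InvoiceStrict : ProtectedBase
{
    public string Amount { get; set; }
}

// Pitfall: a bare [UpdateAuth] is a custom attribute of the same type, so it
// replaces the inherited requireUser rule. Authentication alone is enough here.
[Updatable]
[UpdateAuth]
public class Feedback : ProtectedBase
{
    public string Message { get; set; }
}
```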
