
Untitled

a guest
Jul 18th, 2019
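  (function () {
    /*
    Access-control rules for a Thunderclap database, exported as a map from
    key (or key pattern) to the roles or predicate functions that gate it.
    Two equivalent role forms appear below: an array of role names
    (["dbo"]) and an object keyed by role name ({dbo: true}).
    */

    /*
    True when `user` holds the dbo role or is the data subject of `record`
    (same userName). Fails closed: a missing user, missing record, missing
    roles object or missing userName yields false instead of throwing, and
    two absent userNames are never treated as a match.
    */
    function isDboOrSubject(user, record) {
      if (!user || !record) {
        return false;
      }
      if (user.roles && user.roles.dbo) {
        return true;
      }
      return user.userName != null && user.userName === record.userName;
    }

    module.exports = {
      /*
      Index keys in Thunderclap all start with an "!". Use a regular
      expression match to prevent direct index access by anyone other
      than a dbo. Internally a built-in dbo does index look-up and
      drops indexes the current user is not authorized to use from
      the look-up process. Changing this will create a data security
      inference leak.
      NOTE(review): the pattern has no "^" anchor. How Thunderclap applies
      it is not visible here; if it is tested unanchored it also covers keys
      that merely contain "!", which errs on the restrictive side.
      */
      [/\!.*/]: {
        read: ["dbo"],
        write: {
          dbo: true, // alternate form of role specification for example
        },
      },
      // Only a dbo can call `clear` on a database.
      clear: {
        execute: ["dbo"],
      },
      // Only a dbo can call `entries` to get matching entries in a database.
      entries: {
        execute: ["dbo"],
      },
      // Only a dbo can call `keys` to get matching keys in a database.
      keys: {
        execute: ["dbo"],
      },
      // Only a dbo can call `values` to get matching values in a database.
      values: {
        execute: ["dbo"],
      },
      // The key to control access to objects of class "User".
      // The opening brace was missing in the pasted listing; the closing
      // braces at the end of the file show that an object was intended.
      "User@": {
        /*
        Very restrictive. Don't return a user record for read or write
        unless requested by a dbo or data subject. Application implementers
        will probably want to modify this.
        Resolves to the record when access is allowed, otherwise to
        undefined.
        */
        filter: async function ({ user, data }) {
          if (isDboOrSubject(user, data)) {
            return data;
          }
        },
        // Control the properties within a User object.
        properties: {
          read: {
            // Only dbos can read roles.
            roles: ["dbo"],
            // Only dbos can read password hashes.
            hash: ["dbo"],
            // Only dbos can read password salts.
            salt: {
              dbo: true, // example of alternate control form
            },
          },
          write: {
            password: {
              /*
              A property named "password" can never be written.
              Added in case an application developer happens
              to create a property by this name. Thunderclap
              does not use.
              */
            },
            // Only the dbo and the data subject can write a hash and salt.
            hash: ({ user, object }) => isDboOrSubject(user, object),
            salt: ({ user, object }) => isDboOrSubject(user, object),
            // Can't change name of primary dbo.
            // NOTE(review): this rule only protects the record named "dbo"
            // and has no role check of its own; which callers reach it
            // presumably depends on `filter` above. Confirm that is the
            // intended scope for renaming other accounts.
            userName: ({ object }) => {
              return object.userName !== "dbo";
            },
          },
        },
      },
    };
  }).call(this);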