API Policies - Custom Policy

It's less of a question, but more of a suggestion I would like to ask here, maybe there is also a solution for it already. If we will get a working "default" option like this example:

entities:
  User:
    authenticable: true
    properties: 
      - name
      - {name: role, type: choice, options: {values: ["admin", "mod", "user"], default: "user"}}

entities:
  User:
    authenticable: true
    properties: 
      - name
      - {name: role, type: choice, options: {values: ["admin", "mod", "user"], default: "user"}}

Wouldn't it be also great to make our own custom policy, where it doesn't necessarily has to depend on the 4 access types?

I am going to take the Invoice example to show what I mean

entities:
  Invoice 🧾:
    properties:
      - number
      - { name: issueDate, type: date }
    policies:
      create:
        - { access: custom, allow: UserRole ["admin", "mod"] }
      update:
        - access: admin
      delete:
        - access: forbidden


policies: 
  UserRole:
    User:
      - {property: role, policy: restricted}

entities:
  Invoice 🧾:
    properties:
      - number
      - { name: issueDate, type: date }
    policies:
      create:
        - { access: custom, allow: UserRole ["admin", "mod"] }
      update:
        - access: admin
      delete:
        - access: forbidden


policies: 
  UserRole:
    User:
      - {property: role, policy: restricted}

I hope that's understandable enough, but if there are more ideas or question, I'll be happy to answer them

Manifest•12mo ago•

2 replies

BennySama

API Policies - Custom Policy

It's less of a question, but more of a suggestion I would like to ask here, maybe there is also a solution for it already. If we will get a working "default" option like this example:

entities:
  User:
    authenticable: true
    properties: 
      - name
      - {name: role, type: choice, options: {values: ["admin", "mod", "user"], default: "user"}}

entities:
  User:
    authenticable: true
    properties: 
      - name
      - {name: role, type: choice, options: {values: ["admin", "mod", "user"], default: "user"}}

Wouldn't it be also great to make our own custom policy, where it doesn't necessarily has to depend on the 4 access types?

I am going to take the Invoice example to show what I mean

entities:
  Invoice 🧾:
    properties:
      - number
      - { name: issueDate, type: date }
    policies:
      create:
        - { access: custom, allow: UserRole ["admin", "mod"] }
      update:
        - access: admin
      delete:
        - access: forbidden


policies: 
  UserRole:
    User:
      - {property: role, policy: restricted}

entities:
  Invoice 🧾:
    properties:
      - number
      - { name: issueDate, type: date }
    policies:
      create:
        - { access: custom, allow: UserRole ["admin", "mod"] }
      update:
        - access: admin
      delete:
        - access: forbidden


policies: 
  UserRole:
    User:
      - {property: role, policy: restricted}

I hope that's understandable enough, but if there are more ideas or question, I'll be happy to answer them

API Policies - Custom Policy

Similar Threads

API Policies - Custom Policy

Similar Threads

Similar Threads

Similar Threads