
User access control

josephg edited this page Sep 19, 2011 · 13 revisions

New in 0.4!

When you create a server, you can specify an auth(client, action) method. This method is called any time a user tries to do anything, and you choose whether to accept or reject the attempted action.

The auth method is specified in the options object when a server is created:

# The two requires are assumed from the ShareJS 0.4 package layout
# (server half of the 'share' package, plus the connect framework).
connect = require 'connect'
sharejs = require('share').server

options =
	db:
		type: 'memory'          # in-memory document store
	auth: (client, action) ->
		# Called for every attempted action; must end in accept() or reject().
		action.accept()

server = connect(...)          # ... stands for whatever middleware your app needs
sharejs.attach server, options
server.listen 8000

client is an object which is associated with a unique client connection. The client object has the following fields:

  • headers: Dictionary of the client's HTTP headers. This is set when the client initially connects and is not updated. Header names are lowercase.
  • id: A random string associated with the client session.
  • connectTime: A Date which says when the session was established.
  • remoteAddress: The IP or hostname of the client

The client object is kept for as long as the client stays connected, so you can cache your own custom data in it. For example, you could look up a user's session ID from the cookie in the HTTP headers, use the session ID to look up their username, and then store that username in the client object.

action is an object which represents what the user is trying to do.

The most important fields of the action are action.accept() and action.reject(). Call accept() to allow the user's action and reject() to deny it.

auth must always call either accept or reject!

Other fields:

  • name: The name of the action.
  • type: The CRUD action type (create, read, update or delete), or connect, because I need that too.

Actions

| Name | Type | Other fields | Description |
| --- | --- | --- | --- |
| connect | connect | - | A client is trying to connect. All the interesting information is in the client object. All clients will generate a connect request, even when their connection is not persistent. |
| create | create | docName, docType, meta | Create a new document |
| get snapshot | read | docName | Get a document snapshot |
| get ops | read | docName, start, end | Get historical operations from start to end on the document. If end is null, the client is requesting all ops. |
| listen | read | docName | The client is requesting a stream of all applied operations |
| submit op | update | docName, op, v, meta | Apply op to docName at version v |
| delete | delete | docName | Permanently delete the named document |
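The following is an added example, not code from the ShareJS wiki or project, that ties together the two ideas above: resolving the user once from the session cookie and caching it on the client object, and then deciding every action in the table by its type so that auth always ends in exactly one accept() or reject(). The session store, admin set, cookie name sid, the client.user field and the helper names (makeAuth, makeClient, decide) are all assumptions constructed for the example; client and action carry only the fields the page documents.

```javascript
// Added example (not ShareJS code). Assumed: a session store keyed by the
// "sid" cookie, an admin set for deletes, and a client.user cache field.

// Constructed session store: cookie session id -> username.
const SESSIONS = { 's3cr3t-alice': 'alice', 's3cr3t-bob': 'bob' };
// Constructed set of users allowed to delete documents.
const ADMINS = new Set(['alice']);

// Parse a Cookie header ("a=1; b=2") into an object; {} when absent.
function parseCookies(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const k = part.slice(0, idx).trim();
    const v = part.slice(idx + 1).trim();
    if (k) out[k] = decodeURIComponent(v);
  }
  return out;
}

// Resolve the username once and cache it on the client object, which lives
// for the whole connection. Header names are lowercase, so read headers.cookie.
function resolveUser(client, sessions) {
  if (client.user === undefined) {
    const sid = parseCookies(client.headers && client.headers.cookie).sid;
    client.user = (sid && sessions[sid]) || null; // null = anonymous
  }
  return client.user;
}

// Build the auth(client, action) callback. Every path, including an
// unexpected exception, ends in exactly one accept() or reject().
function makeAuth(sessions = SESSIONS, admins = ADMINS) {
  return function auth(client, action) {
    let allowed = false;
    try {
      const user = resolveUser(client, sessions);
      switch (action.type) {
        case 'connect':
          allowed = true;                          // anyone may connect
          break;
        case 'read':                               // get snapshot, get ops, listen
          allowed = true;                          // documents are public to read
          break;
        case 'create':
        case 'update':                             // create, submit op
          allowed = user !== null;                 // must be logged in
          break;
        case 'delete':
          allowed = user !== null && admins.has(user);
          break;
        default:
          allowed = false;                         // unknown type: fail closed
      }
    } catch (err) {
      allowed = false;                             // never leave the action undecided
    }
    if (allowed) action.accept(); else action.reject();
  };
}

// Constructed client object with the fields the page documents.
function makeClient(headers) {
  return { headers, id: 'test-client', connectTime: new Date(), remoteAddress: '127.0.0.1' };
}

// Run auth against a client and an action description; returns 'accept' or 'reject'.
function decide(auth, client, action) {
  let verdict = null;
  auth(client, {
    ...action,
    accept: () => { verdict = 'accept'; },
    reject: () => { verdict = 'reject'; },
  });
  return verdict;
}
```

Pass the function returned by makeAuth() as the auth option. The default branch and the try/catch are the parts worth copying: a type the policy does not know about, or a thrown error while looking up the session, should reject rather than hang the client waiting for a decision that never comes.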

Please try it out and file any bugs you find!
